CVE 2009-4427
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
Related bugs and status
CVE-2009-4427 (Candidate) is related to these bugs:
Bug #384157: phpldapadmin fatal error renaming cn
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 384157 | phpldapadmin fatal error renaming cn | phpldapadmin (Ubuntu) | Undecided | Fix Released | ||
| 384157 | phpldapadmin fatal error renaming cn | phpldapadmin (Ubuntu Lucid) | Undecided | Fix Released | ||
Bug #511189: security update missed
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 511189 | security update missed | phpldapadmin (Ubuntu) | Medium | Fix Released | ||
| 511189 | security update missed | phpldapadmin (Ubuntu Dapper) | Undecided | Won't Fix | ||
| 511189 | security update missed | phpldapadmin (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 511189 | security update missed | phpldapadmin (Ubuntu Jaunty) | Undecided | Fix Released | ||
| 511189 | security update missed | phpldapadmin (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 511189 | security update missed | phpldapadmin (Ubuntu Lucid) | Undecided | Fix Released | ||
| 511189 | security update missed | phpldapadmin (Ubuntu Maverick) | Medium | Fix Released | ||
Bug #551269: phpldapadmin: Incompatible with PHP 5.3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 551269 | phpldapadmin: Incompatible with PHP 5.3 | phpldapadmin (Ubuntu) | Undecided | Fix Released | ||
| 551269 | phpldapadmin: Incompatible with PHP 5.3 | phpldapadmin (Debian) | Unknown | Fix Released | ||
| 551269 | phpldapadmin: Incompatible with PHP 5.3 | phpldapadmin (Ubuntu Lucid) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
