CVE-2024-9102
on github
Published
Severity
CVSS v3:
N/A
CVSS v2:
N/A
Description
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.
References
- https://github.com/leenooks/phpLDAPadmin/commit/ea17aadef46fd29850160987fe7740ceed1381ad#diff-93b9f3e6d4c5bdacf469ea0ec74c1e9217ca6272da9be5a1bfd711f7da16f9e3R240
- https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.0
- https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|