CVE-2022-31086

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to remote code execution if the /config/templates/pdf/ directory is accessible to remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue.


Impact

Incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to remote code execution if the /config/templates/pdf/ directory is accessible to remote users. This is not a default configuration of LAM.
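A defender's check for the exposure described above, added here as an example and not taken from the LAM advisory or code base: it walks config/templates/pdf under an install root and reports files that carry a PHP-style extension or contain a PHP open tag. The extension list, the function names and the sample tree are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Directory named in the advisory, relative to the LAM install root.
PDF_TEMPLATE_DIR = os.path.join("config", "templates", "pdf")
# Assumption: extensions a web server may hand to PHP; match your own handler config.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)  # does not match "<?xml"


def audit_pdf_templates(lam_root):
    """Return sorted (relative_path, reason) pairs for files that look like PHP."""
    base = os.path.join(lam_root, PDF_TEMPLATE_DIR)
    findings = []
    for dirpath, _dirs, files in os.walk(base):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, base)
            if PHP_EXT.search(name):
                findings.append((rel, "php-extension"))
                continue
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # only the first 1 MiB is scanned
            if PHP_TAG.search(data):
                findings.append((rel, "php-open-tag"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed sample tree (not real LAM data) for the demo."""
    root = tempfile.mkdtemp(prefix="lam-sample-")
    base = os.path.join(root, PDF_TEMPLATE_DIR)
    os.makedirs(base)
    samples = {
        "sample-structure.xml": b"<?xml version='1.0'?><pdf/>",
        "logo.php": b"placeholder",
        "logo.png.PHP": b"placeholder",
        "logo.jpg": b"\xff\xd8\xff\xe0 <?php /* constructed marker */ ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reason in audit_pdf_templates(build_sample_tree()):
        print(f"{reason:14} {rel}")
```

On a real host, pass the LAM install root to `audit_pdf_templates` instead of the sample tree. A clean result does not replace upgrading to 8.0, the fix the advisory names.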

Patches

The issue is fixed in version 8.0.

Workarounds

None

For more information

If you have any questions or comments about this advisory:

  • Open an issue in https://github.com/LDAPAccountManager/lam/issues
  • Email us on the lam-public mailing list

Credits

Arseniy Sharoglazov and Andrey Medov
