MDVSA-2012:020
- Nom du paquet
- phpldapadmin
- Date
- 2012-02-15
- Advisory ID
- MDVSA-2012:020
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in phpldapadmin:
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in
phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject
arbitrary web script or HTML via the base parameter in a query_engine
action to cmd.php (CVE-2012-0834).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
b4099f71ab2b3ac8052b23f6c6ad8551 mes5/i586/phpldapadmin-1.2.2-0.3mdvmes5.2.noarch.rpm 61cf472322320166cdcfcf80df160402 mes5/SRPMS/phpldapadmin-1.2.2-0.3mdvmes5.2.src.rpm
MES5 x86_64
e6431121604ed1e8409853c75c40f51b mes5/x86_64/phpldapadmin-1.2.2-0.3mdvmes5.2.noarch.rpm 61cf472322320166cdcfcf80df160402 mes5/SRPMS/phpldapadmin-1.2.2-0.3mdvmes5.2.src.rpm