Vulnerability Details CVE-2005-2654
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
- http://www.debian.org/security/2005/dsa-790
- http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
- http://www.debian.org/security/2005/dsa-790
- http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml
Products affected by CVE-2005-2654
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.0
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.1
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.2
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.3
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.4
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.4a
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.4b
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.5
-
cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.6