CVE-2024-9102 Affecting phpldapadmin package, versions *


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN12-PHPLDAPADMIN-8538044
  • published20 Dec 2024
  • disclosed19 Dec 2024

Introduced: 19 Dec 2024

NewCVE-2024-9102  (opens in a new tab)

How to fix?

There is no fixed version for Debian:12 phpldapadmin.

NVD Description

Note: Versions mentioned in the description apply only to the upstream phpldapadmin package and not the phpldapadmin package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.