← back
CVE-2011-4075observed exploitation

CVE-2011-4075

72Vexday Risk Score

Patch now. It exploitation observed by VulnCheck and has a working public exploit.

ssvc Actepss 52%
from disclosure to weapon0 days
Published on NVDNov 2
1st PoCOct 23
metasploitOct 24
VulnCheckNov 2
exploitation probability
52%top 1% of all CVEs
observed exploitation
yesVulnCheck
3 public exploit(s)
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.