Vibechild Directory Manager Command Execution Vulnerability

Directory Manager is an application used to maintain LDAP directory data. It is maintained by Vibechild and hosted for download on Sourceforge.net.

An input validation error exists in Directory Manager that may enable remote attackers to execute arbitrary code on a host running the software. The flaw is due to a script in the package that fails to filter shell metacharacters from a user-supplied value passed to PHP's passthru() function.

Exploitation of this vulnerability may lead to the disclosure of sensitive data on or compromise of a vulnerable host.


 

Privacy Statement
Copyright 2010, SecurityFocus