Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
phpLDAPadmin: Improper Neutralization of Formula Elements
Vulnerability Description
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: This vulnerability will not be addressed, the maintainer's position is that it is not the intention of phpLDAPadmin to control what data Administrators can put in their LDAP database, nor filter it on export.
CVSS Information
N/A
Vulnerability Type
CWE-1236
Vulnerability Title
phpLDAPadmin 安全漏洞
Vulnerability Description
phpLDAPadmin是phpLDAPadmin个人开发者的一款基于Web的LDAP客户端,它主要用于管理LDAP服务器。 phpLDAPadmin 1.2.0版本至1.2.6.7版本存在安全漏洞。攻击者利用该漏洞可以导致 CSV 公式注入。
CVSS Information
N/A
Vulnerability Type
N/A