J-Security Center

Title: Vibechild Directory Manager Command Execution Vulnerability

Severity: CRITICAL

Description:

Directory Manager is an application used to maintain LDAP directory data. It is maintained by Vibechild and hosted for download on Sourceforge.net.

An input validation error exists in Directory Manager that may enable remote attackers to execute arbitrary code on a host running the software. The flaw is due to a script in the package that fails to filter shell metacharacters from a user-supplied value passed to PHP's passthru() function.

An attacker can exploit this issue by submitting shell metacharacters followed by a command in the 'userfile_name' field of an HTTP request.

Exploitation of this vulnerability may lead to the disclosure of sensitive data on a vulnerable host, or to compromise of that host.
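The flaw class described above, shown next to a hardened form, as an added PHP illustration that is not Directory Manager's own code. The function names, the upload directory and the command passed to passthru() are assumptions made for the example; the advisory does not show the affected script.

```php
<?php
// Added illustration; not Directory Manager's code. The command and the
// upload directory are placeholders chosen for this example.
const UPLOAD_DIR = '/var/lib/dirmgr/uploads';   // hypothetical path
const VIEW_CMD   = '/usr/bin/wc -l';            // placeholder for the real command

// Vulnerable pattern from the advisory: the request value reaches the shell
// unfiltered, so metacharacters in it are interpreted by /bin/sh.
// Defined for comparison only; never called here.
function show_file_vulnerable(string $userfile_name): void
{
    passthru(VIEW_CMD . ' ' . UPLOAD_DIR . '/' . $userfile_name);
}

// Hardened step 1: allow-list the name before it is used anywhere.
function safe_upload_path(string $userfile_name): ?string
{
    // basename() drops directory components; any difference means the
    // caller tried to supply a path rather than a bare file name.
    $name = basename($userfile_name);
    // Letters, digits, dot, underscore, hyphen; no leading '.' or '-'.
    $ok = preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,127}\z/', $name) === 1;
    if ($name !== $userfile_name || !$ok) {
        return null;
    }
    return UPLOAD_DIR . '/' . $name;
}

// Hardened step 2: quote the validated value for the shell anyway.
function show_file_hardened(string $userfile_name): bool
{
    $path = safe_upload_path($userfile_name);
    if ($path === null) {
        // Hex-encode the rejected value so the log line cannot be forged.
        error_log('rejected userfile_name: ' . bin2hex($userfile_name));
        return false;
    }
    // escapeshellarg() single-quotes the value: the shell sees one argument.
    passthru(VIEW_CMD . ' ' . escapeshellarg($path), $status);
    return $status === 0;
}

// Constructed inputs: only the first passes validation.
$samples = ['people.ldif', 'people.ldif; echo injected', '../../etc/passwd', '-rf'];
foreach ($samples as $candidate) {
    printf("%-28s => %s\n", $candidate, safe_upload_path($candidate) ?? 'REJECTED');
}
```

Validation and quoting are applied together on purpose: the allow-list rejects unexpected names outright, and escapeshellarg() still protects the call if the allow-list is later loosened.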

Affected Products:

  • Vibechild Directory Manager 0.9.0
