Mandriva Linux Security Advisory 2011-163 - Multiple vulnerabilities were discovered and corrected in phpldapadmin. Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Input passed to the orderby parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a create_function() call. This can be exploited to inject and execute arbitrary PHP code. The updated packages have been upgraded to the latest version, which is not vulnerable to these issues.
6a8eb2c9e6fc20b6430bd1ef4c22501633d729e8da1461de60a868adcbc1ea75
Debian Linux Security Advisory 2333-1 - Two vulnerabilities have been discovered in phpldapadmin, a web-based interface for administering LDAP servers.
861f571dddde829a490a000ee8e7d94293591cdaced64343b9872f5c94461c4a