
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code In

Posted on 26 October 2011

This Metasploit module exploits a vulnerability in lib/functions.php that allows attacker-supplied input to be passed directly to the PHP create_function() function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before it is passed to the create_function() call.

 
