LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-06-27T20:50:21

Updated: 2024-08-03T07:11:39.584Z

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-31086

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-27T21:15:08.280

Modified: 2024-11-21T07:03:51.990

Link: CVE-2022-31086

cve-icon Redhat

No data.