UBUNTU-CVE-2024-9102

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2024-9102
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-9102.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-9102
Related
Published
2024-12-19T14:15:00Z
Modified
2025-07-03T05:07:18Z
Severity
  • 5.0 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: This vulnerability will not be addressed, the maintainer's position is that it is not the intention of phpLDAPadmin to control what data Administrators can put in their LDAP database, nor filter it on export.

References

Affected packages

Ubuntu:Pro:16.04:LTS / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.2-5.2ubuntu2.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.2-5.2
1.2.2-5.2ubuntu1
1.2.2-5.2ubuntu2
1.2.2-5.2ubuntu2.1

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}

Ubuntu:Pro:18.04:LTS / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.2-6ubuntu1.1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.2-6ubuntu1
1.2.2-6ubuntu1.1

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}

Ubuntu:Pro:20.04:LTS / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.2-6.3?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.2-6.1ubuntu1
1.2.2-6.2ubuntu1
1.2.2-6.3

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}

Ubuntu:22.04:LTS / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.6.3-0.2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.2-6.3
1.2.6.3-0.2

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}

Ubuntu:24.10 / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.6.7-1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.6.7-1

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}

Ubuntu:24.04:LTS / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.6.7-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.6.3-0.3
1.2.6.6-2
1.2.6.7-1

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}

Ubuntu:25.04 / phpldapadmin

Package

Name
phpldapadmin
Purl
pkg:deb/ubuntu/phpldapadmin@1.2.6.7-4?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.6.7-1
1.2.6.7-2
1.2.6.7-4

Ecosystem specific 

{
    "ubuntu_priority": "low",
    "priority_reason": "Does not directly affected phpLDAPadmin itself."
}