cvedb.io
CVE-2022-31086
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-06-27T21:15:08.280 · Last modified 2026-06-17T04:44:46.027

Summary

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue.

Affected products

ldap-account-manager — ldap_account_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when ldap-account-manager ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.