CVE-2024-9102

Name: CVE-2024-9102
Description: phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1090914

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| phpldapadmin (PTS) | jessie, jessie (lts) | 1.2.2-5.2+deb8u3 | vulnerable |
| | bookworm | 1.2.6.3-0.3+deb12u1 | vulnerable |
| | sid, trixie | 1.2.6.7-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| phpldapadmin | source | (unstable) | (unfixed) | | | 1090914 |

Notes

https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
