CVE-2026-27895 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF…
Medium CVSS: 4.3

CVE-2026-27895

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type (including .php files) can be uploaded. With GHSA-w7xq-vjr3-p9cf, an attacker can achieve remote code execution as the web server user. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user.
Vendor
Ldap-account-manager
Product
Ldap Account Manager
CWE
CWE-185
Yayın Tarihi
2026-03-18 00:16:19
Güncelleme
2026-03-23 18:02:27
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-185 Ldap Account Manager MEDIUM Ldap-account-manager 2026

Referanslar

https://github.com/LDAPAccountManager/lam/releases/tag/9.5 https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8 https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf