Public exploit · Metasploit Module
phpLDAPadmin query_engine Remote PHP Code Injection
Exploit summary
This module exploits a vulnerability in lib/functions.php in phpLDAPadmin versions 1.2.1.1 and earlier that allows attacker input to be parsed directly to the create_function() PHP function, enabling remote code injection and execution.
Source & references