How severe is CVE-2022-31086?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2022-31086?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2022-31086 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2022-22975

MEDIUM

CVSS:6.6(Medium)

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (C...

CWE-742022

CVE-2025-1465

LOW

CVSS:6.6(Medium)

A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code inje...

CWE-742025

CVE-2025-30664

MEDIUM

CVSS:6.6(Medium)

Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.

CWE-742025

CVE-2015-10040

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Han...

CWE-742015

CVE-2016-0881

MEDIUM

CVSS:6.5(Medium)

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informatio...

CWE-742016

CVE-2016-10761

MEDIUM

CVSS:6.5(Medium)

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

CWE-742016