CVE-2024-23333

7.9 HIGH

📋 TL;DR

CVE-2024-23333 is a path injection vulnerability in LDAP Account Manager (LAM), a web front end for managing LDAP directories. Before version 8.7, LAM's log configuration accepted an arbitrary file path as the log destination. An attacker who knows the master configuration password can point the log file at a PHP file inside a web-served directory, get LAM to log attacker-influenced text containing PHP code into that file, and then request the file over HTTP to execute the code on the server. Exploitation additionally requires that the web server user can create files in a directory the web server serves. LAM installations older than 8.7 that meet both conditions are at risk.

💻 Affected Systems

Products:
  • LDAP Account Manager (LAM)
Versions: All versions prior to 8.7
Operating Systems: All platforms running LAM
Default Config Vulnerable: No
Notes: Exploitation requires the master configuration password (to change the log file path) and a directory under the web root that the web server user can write to. Packaged installs normally keep the LAM tree owned by root, so the second condition is not met by default.

📦 What is this software?

LDAP Account Manager (LAM) is a PHP web front end for managing accounts (users, groups, hosts and other entries) stored in an LDAP directory. It runs under Apache or nginx with PHP, is packaged for Debian and Ubuntu as ldap-account-manager, and protects its main configuration (including the logging settings) with a separate master configuration password.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise via remote code execution as the web server user: arbitrary command execution, access to LDAP data and to LAM's configuration, and a foothold for pivoting to other systems.

🟠 Likely Case

An attacker who already holds the master configuration password plants a PHP file through the log configuration and gains code execution in the web server context, exposing LDAP directory contents and LAM's configuration.

🟢 If Mitigated

No impact if the master configuration password is protected, the configuration pages are restricted to administrators, and the web server user cannot create files in any directory the web server serves.

🌐 Internet-Facing: MEDIUM - Requires authenticated access to configuration and writable web directory, but internet exposure increases attack surface.
🏢 Internal Only: MEDIUM - Internal attackers with configuration access could exploit, but requires specific conditions.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation needs the master configuration password (to change the log file path in LAM's main configuration), a directory under the web root that the web server user can write to, and then a single HTTP request to the planted file. No memory corruption or race condition is involved, so once those preconditions hold the attack is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.7

Vendor Advisory: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv

Restart Required: Yes

Instructions:

1. Back up the current LAM installation, including config/config.cfg and the server profiles (config/*.conf).
2. Install LAM 8.7 or later: upgrade the distribution package (for example ldap-account-manager on Debian/Ubuntu) or download the 8.7 release from the official repository.
3. Replace the existing installation with the new version, keeping the backed-up configuration files in place.
4. Restart (or reload) the web server and PHP-FPM so the updated files are picked up.
5. Verify that the web interface reports version 8.7 or higher and that logging still works.

🔧 Temporary Workarounds

Restrict Configuration Access

all

Limit access to LAM's configuration pages to authorized administrators only, using web server access controls on top of LAM's own master configuration password; the example below adds HTTP basic authentication. Adjust the location to match your install: the configuration pages live under templates/config/ in the LAM tree, so with the usual /lam alias they are served at /lam/templates/config/. Restricting the same location to administrator source addresses is a useful second layer.

# Example Apache configuration (path assumes LAM is served under /lam)
<Location /lam/templates/config>
    AuthType Basic
    AuthName "LAM Configuration"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Location>

Secure Log Directory Permissions

linux

Keep the configured log file (logDestination in config.cfg) outside the web root, in a directory that only the web server user can write to. On its own this does not stop an attacker who already holds the master configuration password, because the vulnerability lets them change that path; the control that actually blocks the attack is that the web server user cannot create files anywhere under the served LAM tree (see "If You Can't Patch" below).

# log directory outside the web root, writable only by the web server user
chmod 750 /var/log/lam
chown www-data:www-data /var/log/lam

🧯 If You Can't Patch

  • Implement strict access controls on the LAM configuration interface and rotate the master configuration password if anyone who is not an administrator may know it
  • Ensure the web server user cannot write to any directory the web server serves: the LAM tree should be owned by root and read-only for www-data, with only the directories LAM itself needs (config/, sess/ and tmp/, which packaged installs keep under /var/lib/ldap-account-manager) writable
  • Disable PHP execution in any directory that must stay writable (for example with php_admin_flag engine off under mod_php, or a FilesMatch block that denies requests for *.php there), so a planted PHP file is never run

🔍 How to Verify

Check if Vulnerable:

Check the LAM version shown in the web interface or reported by the installed package. Versions below 8.7 are vulnerable.

Check Version:

# Debian/Ubuntu package
dpkg -s ldap-account-manager | grep '^Version'
# tarball or other install: the version string is returned by LAMVersion() in lib/config.inc (adjust the path)
grep -A1 'function LAMVersion' /usr/share/ldap-account-manager/lib/config.inc

Verify Fix Applied:

Verify that LAM reports version 8.7 or higher, then confirm in the main configuration that the log file setting no longer accepts an arbitrary path into the web root (for example a path ending in .php). Also confirm that the web server user has no write access under the served LAM tree.
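
The audit below is an added example, not part of LAM or of this advisory. It checks the two preconditions described in the workaround and verification steps above: whether logDestination in config.cfg already points into the web root or at a PHP file, and which entries under the served LAM tree the web server user could write to. The default paths, the www-data user and the function names are assumptions; override the variables to match your install.

```shell
# Added example (not LAM's own code): audit one LAM install for the two
# preconditions of CVE-2024-23333. Paths and the web server user are
# assumptions; override them via the environment to match your install.
LAM_WEBROOT="${LAM_WEBROOT:-/usr/share/ldap-account-manager}"
LAM_CONFIG="${LAM_CONFIG:-/var/lib/ldap-account-manager/config/config.cfg}"
WEB_USER="${WEB_USER:-www-data}"

# Print the value of logDestination from a config.cfg (SYSLOG, NONE or a file path).
lam_log_destination() {
    sed -n 's/^logDestination:[[:space:]]*//p' "$1" 2>/dev/null | head -n 1
}

# Return 0 if the configured log file lives under the web root or has a PHP
# extension: exactly the setting an attacker needs for this vulnerability.
lam_log_destination_suspicious() {
    dest=$(lam_log_destination "$1")
    root=${2%/}
    case "$dest" in
        ""|SYSLOG|NONE) return 1 ;;
        "$root"/*) return 0 ;;
        *.php|*.phtml|*.phar) return 0 ;;
    esac
    return 1
}

# List everything under the web root that the web server user could create
# files in or modify: owned by that user, or world-writable. Symlinks are
# followed so that config/, sess/ and tmp/ pointing into /var/lib are inspected.
lam_webroot_writable_by() {
    root=$1
    user=$2
    if id "$user" >/dev/null 2>&1; then
        find -L "$root" \( -user "$user" -o -perm -0002 \) -print 2>/dev/null | sort
    else
        # user unknown on this host: fall back to permission bits only
        find -L "$root" -perm -0002 -print 2>/dev/null | sort
    fi
}

lam_audit() {
    dest=$(lam_log_destination "$LAM_CONFIG")
    if lam_log_destination_suspicious "$LAM_CONFIG" "$LAM_WEBROOT"; then
        echo "WARNING: logDestination points into the web root or at a PHP file: $dest"
    else
        echo "ok: logDestination is ${dest:-unset (file not found or setting absent)}"
    fi
    writable=$(lam_webroot_writable_by "$LAM_WEBROOT" "$WEB_USER")
    if [ -n "$writable" ]; then
        echo "WARNING: $WEB_USER can write under $LAM_WEBROOT:"
        echo "$writable"
    else
        echo "ok: nothing under $LAM_WEBROOT is writable by $WEB_USER"
    fi
}

lam_audit
```

Expect LAM's own writable directories (config/, sess/ and tmp/) to show up in the second check; everything else under the tree should be absent from the list, and for any directory that must stay writable, confirm separately that the web server does not execute PHP from it.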

📡 Detection & Monitoring

Log Indicators:

  • Logins to the LAM master configuration (pages under templates/config/) from unexpected users or source addresses, and repeated failures against the master configuration password
  • Changes to the logDestination setting in config.cfg, especially to a path under the web root or one ending in .php
  • Creation of new .php files under the LAM web root, and LAM log entries containing "<?php"

Network Indicators:

  • HTTP requests for PHP files under the LAM URL prefix that do not exist in the installed release
  • POST requests to the templates/config/ endpoints from sources that are not administrator workstations

SIEM Query (pseudo-syntax; replace the known-files list with the PHP files shipped in your LAM version):

source="web_access.log" AND ((uri="/lam/templates/config/*" AND method="POST") OR (uri="/lam/*.php" AND NOT uri IN (known_lam_php_files)))
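
The log scan below is an added example, not LAM's code and not a query from this advisory. It applies the indicators above to Combined Log Format access-log lines: a POST to the configuration pages is reported as CONFIG_POST, and any request for a PHP file under /lam/ that is not in an allowlist built from the installed tree is reported as UNKNOWN_PHP. The /lam alias, the field positions, the function names and the sample log lines are constructed assumptions.

```shell
# Added example (not LAM's own code): scan a Combined Log Format access log
# for the request patterns that matter for CVE-2024-23333. Field positions
# assume no vhost prefix; the /lam URL prefix is an assumption (the Debian
# package's default alias).

# Build the allowlist of PHP files that legitimately exist in the install,
# expressed as URL paths. Usage: lam_known_php /usr/share/ldap-account-manager > known.txt
lam_known_php() {
    root=${1%/}
    find "$root" -name '*.php' | sed "s|^$root|/lam|"
}

# Read an access log on stdin and report, one line each:
#   CONFIG_POST <ip> <path>  for POSTs to the configuration pages
#   UNKNOWN_PHP <ip> <path>  for requests to PHP files under /lam/ that are
#                            not in the allowlist file given as $1 (a planted file)
lam_suspicious_requests() {
    awk -v allowfile="$1" '
        BEGIN { while ((getline line < allowfile) > 0) known[line] = 1 }
        {
            method = substr($6, 2)          # $6 is "\"GET", "\"POST", ...
            path = $7
            sub(/\?.*/, "", path)           # drop the query string
            if (method == "POST" && path ~ /^\/lam\/templates\/config\//) {
                print "CONFIG_POST", $1, path
                next
            }
            if (path ~ /^\/lam\/.*\.(php|phtml|phar)$/ && !(path in known)) {
                print "UNKNOWN_PHP", $1, path
            }
        }'
}

# Constructed sample log lines (not from a real incident): a config change
# followed by a request to a planted file, plus ordinary user traffic.
lam_sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Feb/2024:10:00:01 +0000] "GET /lam/templates/login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:10:03:12 +0000] "POST /lam/templates/config/mainmanage.php HTTP/1.1" 200 812 "https://lam.example.org/lam/templates/config/mainmanage.php" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:10:04:40 +0000] "GET /lam/tmp/shell.php?cmd=id HTTP/1.1" 200 64 "-" "curl/8.4.0"
198.51.100.2 - - [10/Feb/2024:10:05:00 +0000] "GET /lam/templates/lists/list.php?type=user HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Feb/2024:10:05:05 +0000] "GET /lam/style/500_layout.css HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
EOF
}

# Stand-alone demo against the constructed sample. On a real host build the
# allowlist with lam_known_php and feed the live access log instead.
demo_allow=$(mktemp)
printf '%s\n' /lam/templates/login.php /lam/templates/lists/list.php /lam/templates/config/mainmanage.php > "$demo_allow"
lam_sample_log | lam_suspicious_requests "$demo_allow"
rm -f "$demo_allow"
```

The allowlist is what keeps the second rule quiet on normal traffic: every PHP entry point LAM ships is expected, so only files that the release does not contain are flagged. Regenerate it after each upgrade, and treat a CONFIG_POST from an address that is not an administrator workstation as a reason to check logDestination immediately.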
