Multiple vulnerabilities was discovered and corrected in phpldapadmin:

Input appended to the URL in cmd.php (when cmd is set to _debug)
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site (CVE-2011-4074).

Input passed to the orderby parameter in cmd.php (when cmd is set
to query_engine, query is set to none, and search is set to e.g. 1)
is not properly sanitised in lib/functions.php before being used in
a create_function() function call. This can be exploited to inject
and execute arbitrary PHP code (CVE-2011-4075).

The updated packages have been upgraded to the latest version (1.2.2)
which is not vulnerable to these issues.