Описание
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2