Description
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it does not properly sanitize the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:miniorange:ldap_integration_with_active_directory_and_openldap:5.0.2:*:*:*:*:joomla\!:*:*
EPSS
Percentile: 32%
0.00123
Low
7.5 High
CVSS3
Weaknesses
CWE-74
Related vulnerabilities
CVSS3: 7.5
github
about 3 years ago
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it does not properly sanitize the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database.