Описание
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
EPSS
8.6 High
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
Уязвимость плагина Active Directory Integration / LDAP Integration системы управления содержимым сайта WordPress, связанная с непринятием мер по нейтрализации специальных элементов в запросе LDAP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
8.6 High
CVSS3
7.5 High
CVSS3