Description
When LDAP connection is activated in Teedy versions between 1.9 and 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 1.9 (inclusive) to 1.12 (inclusive)
cpe:2.3:a:sismics:teedy:*:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.00626
Low
9.8 Critical
CVSS3
Weaknesses
CWE-90
Related vulnerabilities
CVSS3: 9.8
github
about 1 year ago
When LDAP connection is activated in Teedy versions between 1.9 and 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.