The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database.
References
Configurations
Configuration 1 (hide)
|
History
27 Jan 2023, 18:18
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://extensions.joomla.org/vulnerable-extensions/resolved/ldap-integration-with-active-directory-and-openldap-ntlm-kerberos-login-5-0-2-other/ - Third Party Advisory | |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:miniorange:ldap_integration_with_active_directory_and_openldap:5.0.2:*:*:*:*:joomla\!:*:* | |
First Time |
Miniorange
Miniorange ldap Integration With Active Directory And Openldap |
17 Jan 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-17 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23749
Mitre link : CVE-2023-23749
CVE.ORG link : CVE-2023-23749
JSON object : View
Products Affected
miniorange
- ldap_integration_with_active_directory_and_openldap
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')