Podatność CVE-2023-3447
Publikacja: 2023-06-29

Opis:
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.

Typ:

CWE-90

 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'))

 Referencje:
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail
=
Copyright 2024, cxsecurity.com

 

Back to Top