CVE-2023-23749 Vulnerability Details


CVE-2023-23749 Metadata Quick Info

CVE Published: 17/01/2023 | CVE Updated: 04/08/2024 | CVE Year: 2023
Source: Joomla | Vendor: miniorange | Product: LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login
Status: PUBLISHED

CVE-2023-23749 Description

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP database.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: LDAP injection
Source: miniorange

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: An attacker can manipulate this parameter to dump arbitrary contents from the LDAP database.