CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23749 – Extension - miniorange - LDAP Integration - LDAP Injection (username)
https://notcve.org/view.php?id=CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database. La extension 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' es vulnerable a la inyección LDAP ya que no sanitiza adecuadamente el parámetro POST 'username'. Un atacante puede manipular este parámetro para volcar contenidos arbitrarios de la base de datos LDAP. • https://extensions.joomla.org/vulnerable-extensions/resolved/ldap-integration-with-active-directory-and-openldap-ntlm-kerberos-login-5-0-2-other • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •