
CVSS: 9.8 • EPSS: 13% • CPEs: 17 • EXPL: 1

04 May 2022 — In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. • https://bugs.openldap.org/show_bug.cgi?id=9815 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')