PT-2023-10206 · Hydrian · Ttrss-Auth-Ldap

Hydrian · Published 2023-01-07 · Updated 2024-05-17 · CVE-2015-10027

CVSS v2.0: 4.9 (Medium)
Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
hydrian TTRSS-Auth-LDAP versions prior to 2.0b1

Description
A problematic issue has been found in the Username Handler component, leading to LDAP injection. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. The manipulation of the username variable can lead to LDAP injection.

Recommendations
For versions prior to 2.0b1, upgrade to version 2.0b1 to address this issue. As a temporary workaround, consider restricting the use of the Username Handler component until a patch is applied.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2015-10027

Affected Products

Ttrss-Auth-Ldap