PT-2023-10206 · Hydrian · Ttrss-Auth-Ldap
Hydrian · Published 2023-01-07 · Updated 2024-05-17 · CVE-2015-10027
CVSS v2.0: 4.9 (Medium)
Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
hydrian TTRSS-Auth-LDAP versions prior to 2.0b1
Description
An issue classified as problematic has been found in the Username Handler component, leading to LDAP injection. Manipulation of the username variable can lead to LDAP injection. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For versions prior to 2.0b1, upgrade to version 2.0b1 to address this issue. As a temporary workaround, consider restricting the use of the Username Handler component until a patch is applied.
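The description names the username value as the point where LDAP injection occurs. As an added illustration (not code from TTRSS-Auth-LDAP or from this advisory), the PHP below escapes a username per RFC 4515 before it is placed in an LDAP search filter. The function names, the filter template, the length limit and the uid attribute are assumptions.

```php
<?php
// Added example; not code from TTRSS-Auth-LDAP.

// Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
function escape_filter_value(string $value): string
{
    // strtr() replaces in a single pass, so a backslash introduced by one
    // replacement is never escaped a second time.
    return strtr($value, [
        '\\'   => '\\5c',
        '*'    => '\\2a',
        '('    => '\\28',
        ')'    => '\\29',
        "\x00" => '\\00',
    ]);
}

// Hypothetical filter template; the attribute name "uid" and the
// 256-byte length limit are assumptions made for this example.
function build_user_filter(string $username): string
{
    if ($username === '' || strlen($username) > 256) {
        throw new InvalidArgumentException('username rejected');
    }
    // The escaped value can only ever be the right-hand side of uid=...;
    // it cannot close the clause or add a new one.
    return '(&(objectClass=person)(uid=' . escape_filter_value($username) . '))';
}

// Constructed sample inputs: a plain name, then two values that contain
// filter metacharacters and must come out as literal text.
foreach (['alice', 'a*', 'x)(uid=*'] as $name) {
    echo build_user_filter($name), PHP_EOL;
}
```

PHP's built-in ldap_escape() with the LDAP_ESCAPE_FILTER flag performs the same escaping when the ldap extension is loaded.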
Fix
Special Elements Injection
Related Identifiers
Affected Products
Ttrss-Auth-Ldap