PT-2025-3081 · Teedy · Teedy

Sopalinge · Published 2025-01-29 · Updated 2025-05-24 · CVE-2024-54852

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.9 through 1.12

Description: The issue arises when the LDAP connection is enabled. The username field of the login form is passed into the LDAP query without proper sanitization, so an unauthenticated attacker can inject LDAP filter syntax through it. This enables the attacker to perform malicious actions, such as creating arbitrary accounts and spraying passwords.

Recommendations (Teedy versions 1.9 through 1.12): Update the LDAP connection handling so that user input, specifically the username field, is properly sanitized before it is placed in an LDAP query, preventing LDAP injection. Ensure that all user input is validated and escaped before being processed by the LDAP connection.
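As an added example of the recommended mitigation (this is not Teedy's code; the function and attribute names are assumptions), the following shows a login username being placed into an LDAP search filter unsafely by concatenation, beside a hardened version that allowlists the username and escapes filter metacharacters per RFC 4515:

```python
# Added example (not Teedy code): escaping user-supplied values before they are
# placed in an LDAP search filter, per RFC 4515 section 3, plus a strict allowlist
# check for login usernames. Function and attribute names are assumptions.
import re

# RFC 4515: these characters must be escaped as \XX (hex of the byte) inside a
# filter assertion value; otherwise they change the structure of the filter.
_LDAP_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string for safe use as an assertion value inside an LDAP filter."""
    out = []
    for ch in value:
        if ch in _LDAP_FILTER_ESCAPES:
            out.append(_LDAP_FILTER_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            # Control or non-ASCII character: encode each UTF-8 byte as \XX.
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


# Allowlist for login names (assumed policy): letters, digits, dot, underscore, dash.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def is_valid_username(username: str) -> bool:
    """Reject any login name that could carry LDAP filter metacharacters."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_user_filter_unsafe(username: str, uid_attr: str = "uid") -> str:
    """Vulnerable pattern described in the advisory: raw concatenation into the filter."""
    return "(%s=%s)" % (uid_attr, username)


def build_user_filter(username: str, uid_attr: str = "uid") -> str:
    """Hardened lookup filter: validate first, then escape as defense in depth."""
    if not is_valid_username(username):
        raise ValueError("username contains characters not allowed in a login name")
    return "(%s=%s)" % (uid_attr, escape_ldap_filter_value(username))
```

The allowlist check alone stops the login-form case; the escaping function is what to use for free-form values (such as display names) that cannot be restricted to a safe alphabet.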

Related Identifiers: CVE-2024-54852

Affected Products: Teedy