Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 43 |
|---|---|---|---|---|
 | Joomla 3.7.5 LDAP Injection Vulnerability | 25 Sep 201700:00 | – | zdt |
 | CVE-2017-14596 | 20 Sep 201719:26 | – | circl |
 | LDAP Injection Vulnerability in Joomla! | 21 Sep 201700:00 | – | cnvd |
 | Joomla LDAP Information Disclosure (CVE-2017-14596) | 26 Sep 201700:00 | – | checkpoint_advisories |
 | CVE-2017-14596 | 20 Sep 201718:00 | – | cvelist |
 | EUVD-2017-6097 | 7 Oct 202500:30 | – | euvd |
 | [20170902] - Core - LDAP Information Disclosure | 27 Jul 201700:00 | – | joomla |
| [20171101] - Core - LDAP Information Disclosure | 6 Oct 201700:00 | – | joomla |
 | Joomla! 1.5.0 < 3.8.0 Multiple Vulnerabilities | 21 Sep 201700:00 | – | nessus |
| Joomla! 1.5.0 < 3.8.2 Multiple Vulnerabilities | 9 Nov 201700:00 | – | nessus |
10
Node
OROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROR
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| credentials | request body | administrator/components/com_login/controller.php | LDAP injection potential in login flow via unsanitized username embedded into LDAP query | CWE-90 |
| credentials | nested | libraries/cms/application/cms.php | LDAP authentication path passes credentials to authentication layer which may be tainted by LDAP injection | CWE-90 |
| options | nested | libraries/cms/application/cms.php | LDAP authentication path passes credentials to authentication layer which may be tainted by LDAP injection | CWE-90 |
| credentials | nested | libraries/joomla/authentication/authentication.php | Authentication flow forwards credentials to LDAP plugin which may inject into LDAP query | CWE-90 |
| options | nested | libraries/joomla/authentication/authentication.php | Authentication flow forwards credentials to LDAP plugin which may inject into LDAP query | CWE-90 |
| response | nested | libraries/joomla/authentication/authentication.php | Authentication flow forwards credentials to LDAP plugin which may inject into LDAP query | CWE-90 |
| credentials | nested | plugins/authentication/ldap/ldap.php | LDAP plugin onUserAuthenticate passes credentials into LDAP search where unsanitized input can affect ldap_search | CWE-90 |
| options | nested | plugins/authentication/ldap/ldap.php | LDAP plugin onUserAuthenticate passes credentials into LDAP search where unsanitized input can affect ldap_search | CWE-90 |
| response | nested | plugins/authentication/ldap/ldap.php | LDAP plugin onUserAuthenticate passes credentials into LDAP search where unsanitized input can affect ldap_search | CWE-90 |
| search | nested | libraries/vendor/joomla/ldap/src/LdapClient.php | LdapClient::simple_search builds LDAP filters from input that can be tainted by user-provided credentials | CWE-90 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 01:06Current
9.2High risk
Vulners AI Score9.2
CVSS 25
CVSS 39.8
EPSS0.06333