24 matches found
Security feature bypass
CITSmart before 9.1.2.23 allows LDAP Injection...
CVE-2020-35775
CITSmart before 9.1.2.23 allows LDAP Injection...
CVE-2020-35775
CVE-2020-35775 affects CITSmart ITSM prior to 9.1.2.23. The issue is an LDAP injection leading to authentication bypass: the login logic returns the last user from an LDAP search instead of the intended one, allowing login with a known account without the target password. Affected versions are = ...
CITSmart 注入漏洞
CITSmart is an application from CITSmart Portugal. It provides all the processes for designing an organization. An injection vulnerability exists in CITSmart versions prior to 9.1.2.23, which arises from a lack of proper validation of user input data by a networked system or product during the...