2 matches found
CVE-2023-23749 Extension - miniorange - LDAP Integration - LDAP Injection (username)
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database...
CVE-2023-23749
The CVE-2023-23749 entry concerns the Joomla extension “LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login.” The root cause is improper sanitization of the POST username parameter, enabling LDAP Injection and allowing an attacker to dump arbitrary contents from the LDAP d...