GHSA-2R4P-JPMG-48F4 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

PT-2023-7946 · Php +3 · Php +3

Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.10 Description: The issue is related to incorrect neutralization of special elements in output, which can allow a remote attacker to execute arbitrary code. The LDAP server configuration form can be used to...