📄 WebADM 2.4.17-1 Password Hash Disclosure

WebADM version 2.4.17-1 contains an authenticated information disclosure vulnerability in the LDAP search functionality. The display parameter in search.php accepts any LDAP attribute without server-side validation. A low-privileged admin can retrieve SSHA password hashes for all LDAP users...