2 matches found
CVE-2007-3682
OpenLD 1.2.2 and earlier are affected by a SQL injection in index.php via the id parameter, enabling remote attackers to execute arbitrary SQL commands. The issue is explicitly described in CVE-2007-3682 with base metrics indicating high severity (CVSSv2 Base Score 7.5, Impact: Partial confidenti...
CVE-2007-2610
CVE-2007-2610 affects OpenLD prior to 1.1.9 and OpenLD 1.1-modified prior to 1.1-modified3 with a Cross‑Site Scripting (XSS) vulnerability in the Search feature, potentially via the term parameter. The root cause is an input handling flaw that allows injection of arbitrary web script/HTML. Exploi...