The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2023-01-17T19:38:22.103Z

Updated: 2024-08-04T08:42:48.211Z

Reserved: 2023-01-17T19:02:50.302Z

Link: CVE-2023-23749

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-17T20:15:11.983

Modified: 2024-11-21T07:46:45.430

Link: CVE-2023-23749

cve-icon Redhat

No data.