The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Joomla
Published: 2023-01-17T19:38:22.103Z
Updated: 2024-08-04T08:42:48.211Z
Reserved: 2023-01-17T19:02:50.302Z
Link: CVE-2023-23749
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-17T20:15:11.983
Modified: 2024-11-21T07:46:45.430
Link: CVE-2023-23749
Redhat
No data.