← Volver a CVEs

CVE-2018-12421

N/A

Descripcion

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado6/14/2018

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

ltb-project:ldap_tool_box_self_service_password

Debilidades (CWE)

CWE-640

Referencias

https://github.com/ltb-project/self-service-password/issues/209(cve@mitre.org)

https://github.com/ltb-project/self-service-password/issues/211(cve@mitre.org)

https://lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html(cve@mitre.org)

https://github.com/ltb-project/self-service-password/issues/209(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/ltb-project/self-service-password/issues/211(af854a3a-2127-422b-91ae-364da2661108)

https://lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.