CVE-2024-54852

CRITICAL

9.8

Description

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/29/2025

Last Modified5/24/2025

Sourcenvd

Honeypot Sightings0

Affected Products

sismics:teedy

Weaknesses (CWE)

CWE-90

References

https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md(cve@mitre.org)

https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.