← Retour aux CVEs

CVE-2018-12421

N/A

Description

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

Details CVE

Score CVSS v3.1N/A

Publie6/14/2018

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

ltb-project:ldap_tool_box_self_service_password

Faiblesses (CWE)

CWE-640

References

https://github.com/ltb-project/self-service-password/issues/209(cve@mitre.org)

https://github.com/ltb-project/self-service-password/issues/211(cve@mitre.org)

https://lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html(cve@mitre.org)

https://github.com/ltb-project/self-service-password/issues/209(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/ltb-project/self-service-password/issues/211(af854a3a-2127-422b-91ae-364da2661108)

https://lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.