Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2017-14596)

Description

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Remediation

References

Related Vulnerabilities

MediaWiki Improper Authentication Vulnerability (CVE-2011-1766)

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2017-20101)

Oracle Application Server CVE-2008-1814 Vulnerability (CVE-2008-1814)

Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-38002)

Oracle Database Server CVE-2009-1018 Vulnerability (CVE-2009-1018)

Severity

Critical

Classification

CVE-2017-14596 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities