Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2017-14596)

Description

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Remediation

References

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2014-2020)

WebLogic CVE-2022-21252 Vulnerability (CVE-2022-21252)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.4)

WordPress Plugin Complianz-GDPR/CCPA Cookie Consent Cross-Site Scripting (6.4.1)

WordPress Plugin Child Themes Helper Multiple Vulnerabilities (2.0)

Severity

Critical

Classification

CVE-2017-14596 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities