Description

This script is possibly vulnerable to LDAP Injection attacks.

Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services. When a web application fails to properly sanitize user-supplied input, it is possible for an attacker to alter the construction of an LDAP statement.

Remediation

Your script should filter metacharacters from user input.

References

LDAP Injection

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2019-12400)

Moodle Improper Input Validation Vulnerability (CVE-2018-1137)

WordPress Plugin Gmedia Photo Gallery Arbitrary File Upload (1.2.1)

WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)

Joomla Improper Input Validation Vulnerability (CVE-2013-3242)

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Tags

LDAP Injection