Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

Remediation

References

CVE-2014-9043

Related Vulnerabilities

WordPress 6.5.x Multiple Vulnerabilities (6.5 - 6.5.4)

WordPress Plugin mySTAT 'mystat.php' SQL Injection (2.6)

WordPress Plugin Consulting Elementor Widgets Local File Inclusion (1.3.0)

WordPress Plugin WP Session Manager SQL Injection (1.2.1)

Internet Information Services Other Vulnerability (CVE-2000-0884)

Severity

Medium

Classification

CVE-2014-9043 CWE-287

Tags

Missing Update Known Vulnerabilities