CVEbaza.plSłownik CWECWE-90
Common Weakness Enumeration

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Kategoria: BaseCVE: 70
Opis

Produkt konstruuje całość lub część zapytania LDAP przy użyciu danych wejściowych ze źródła zewnętrznego, ale nie neutralizuje lub nieprawidłowo neutralizuje znaki specjalne, które mogą zmodyfikować zamierzone zapytanie LDAP wysłane do komponentu podrzędnego. Umożliwia to atakującemu manipulowanie zapytaniami LDAP i uzyskiwanie dostępu do nieautoryzowanych danych lub wykonywania niechcianych operacji.

Description (EN)

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

Podatności CVE z CWE-90 (70)
9.8
CVSS
CRITICAL
CVE-2026-44930

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

pub. 2026-05-22
9.8
CVSS
CRITICAL
CVE-2024-54852

Podatność LDAP injection w aplikacji Sismics Teedy (wersje 1.9–1.12) pozwala nieuwierzytelnionemu atakującemu na wstrzyknięcie złośliwych danych do zapytań LDAP poprzez pole nazwy użytkownika w formularzu logowania. Zagrożenie jest krytyczne, ponieważ nie wymaga żadnych uprawnień ani interakcji użytkownika i może prowadzić do pełnego przejęcia systemu.

pub. 2025-01-29
9.8
CVSS
CRITICAL
CVE-2024-33868

W aplikacji Linqi w wersjach przed 1.4.0.1 działających na systemie Windows wykryto podatność typu LDAP injection. Podatność ta umożliwia nieuwierzytelnionemu atakującemu zdalne manipulowanie zapytaniami LDAP, co może prowadzić do nieautoryzowanego dostępu do danych lub przejęcia kontroli nad systemem.

pub. 2024-05-14
9.8
CVSS
CRITICAL
CVE-2021-43350

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

pub. 2021-11-11
9.8
CVSS
CRITICAL
CVE-2011-4069

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

pub. 2018-02-01
9.8
CVSS
CRITICAL
CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

pub. 2017-09-20
9.8
CVSS
CRITICAL
CVE-2017-8790

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

pub. 2017-05-05
9.8
CVSS
CRITICAL
CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

pub. 2017-01-12
9.1
CVSS
CRITICAL
CVE-2026-41919

Podatność typu LDAP Injection w Apache OFBiz pozwala nieuwierzytelnionemu atakującemu zdalnie manipulować zapytaniami LDAP. Wysoki wynik CVSS 9.1 oraz brak wymagań co do uprawnień i interakcji użytkownika czynią tę podatność szczególnie niebezpieczną.

pub. 2026-05-19
9.1
CVSS
CRITICAL
CVE-2024-56841

Moduł Mendix LDAP w wersjach poniżej V1.1.2 jest podatny na LDAP injection. Nieuwierzytelniony zdalny atakujący może ominąć weryfikację nazwy użytkownika, co stanowi poważne zagrożenie dla bezpieczeństwa uwierzytelniania.

pub. 2025-01-14
8.8
CVSS
HIGH
CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the DN structure used for LDAP bind authentication, potentially bypassing authentication or impersonating other users. This issue affects all Apache Shiro versions through 2.2.0, and 3.0.0-alpha-1 when using DefaultLdapRealm Upgrade to Apache Shiro 2.2.1 or 3.0.0-alpha-2 or later, which fixes the issue.

pub. 2026-06-17
8.8
CVSS
HIGH
CVE-2026-39962

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.

pub. 2026-04-09
8.8
CVSS
HIGH
CVE-2026-33289

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding it into the LDAP search filter. By injecting LDAP control characters, an unauthenticated attacker can manipulate the query logic, which can lead to authentication bypass or information disclosure. Versions 7.15.1 and 8.9.3 patch the issue.

pub. 2026-03-20
8.8
CVSS
HIGH
CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution. This issue affects Apache HertzBeat: through 1.7.2. Users are recommended to upgrade to version [1.7.3], which fixes the issue.

pub. 2025-09-09
8.8
CVSS
HIGH
CVE-2022-4254

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

pub. 2023-02-01
8.7
CVSS
HIGH
CVE-2026-40459

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10 and 6.4.1

pub. 2026-04-17
8.7
CVSS
HIGH
CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.

pub. 2026-02-07
8.2
CVSS
HIGH
CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldap/ldap/v3 library's ldap.EscapeFilter() function being available in the same import. This affects three code paths: the Lookup() filter, the AuthPlain() DN template, and the AuthPlain() filter. An attacker with network access to the SMTP submission or IMAP interface can inject arbitrary LDAP filter expressions through the username field in AUTH PLAIN or LOGIN commands. This enables identity spoofing by manipulating filter results to authenticate as another user, LDAP directory enumeration via wildcard filters, and blind extraction of LDAP attribute values using authentication responses as a boolean oracle or via timing side-channels between the two distinct failure paths. This issue has been fixed in version 0.9.3.

pub. 2026-04-16
8.2
CVSS
HIGH
CVE-2026-34578

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters into the username field of the WebGUI login page to enumerate valid LDAP usernames in the configured directory. When the LDAP server configuration includes an Extended Query to restrict login to members of a specific group, the same injection can be used to bypass that group membership restriction and authenticate as any LDAP user whose password is known, regardless of group membership. This vulnerability is fixed in 26.1.6.

pub. 2026-04-09
8.1
CVSS
HIGH
CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership queries and escalate their privileges to administrator. This vulnerability is fixed in 1.9.0.

pub. 2026-05-12
Pokazano 20 z 70 podatności
Informacje
ID: CWE-90
Typ: Base
Podatności: 70
MITRE CWE ↗
← Słownik CWE
CWE-90 — Nieprawidłowa neutralizacja znaków specjalnych używanych w zapytaniu LDAP ('LDAP Injection') | Słownik CWE | CVEbaza.pl