Vulnerabilities

CVE-2018-12421

by Fred · 14/06/2018

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

Date published : 2018-06-14

https://github.com/ltb-project/self-service-password/issues/209

https://github.com/ltb-project/self-service-password/issues/211

Similar

Tags: Cybersecurity Alert