Description

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Remediation

References

CVE-2017-14596

Related Vulnerabilities

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.8)

WordPress Plugin CIP4 Folder Download Widget Local File Inclusion (1.10)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1615)

WordPress Plugin WP Gravity Forms Zendesk Cross-Site Scripting (1.0.7)

WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Cross-Site Request Forgery (2.9.10)

Severity

Critical

Classification

CVE-2017-14596 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities