Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LTB Self Service Password 安全漏洞
Vulnerability Description
LTB(又名LDAP Tool Box)Self Service Password是一款支持通过Web界面更改和重置LDAP目录中密码的工具。 LTB Self Service Password 1.3之前版本中存在安全漏洞,该漏洞源于程序没有正确的处理ldap_bind的返回值并且没有将PHP数据类型限制为字符串。攻击者可通过发送特制的POST请求利用该漏洞更改用户密码(无需之前的密码)。
CVSS Information
N/A
Vulnerability Type
N/A