Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Huntflow Enterprise 注入漏洞
Vulnerability Description
Huntflow Enterprise是俄罗斯Huntflow公司的一个高效招聘软件。 Huntflow Enterprise 存在注入漏洞,该漏洞源于 3.10.6 版本之前的 Huntflow Enterprise 中 /account/login 中的 LDAP 注入漏洞可能允许未经身份验证的远程用户修改 LDAP 查询的逻辑并绕过身份验证。 该漏洞是由于在使用电子邮件参数构建 LDAP 查询之前对电子邮件参数的服务器端验证不充分。 攻击者可以通过发送具有有效密码但电子邮件参数中包含通配符的登录尝试
CVSS Information
N/A
Vulnerability Type
N/A