Philipp Schüle

1 exploit Active since May 2024
CVE-2024-36070 WRITEUP HIGH WRITEUP
tine < 2023.11.8 - Unauthenticated Sensitive Information Exposure via Setup.php
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
CVSS 7.5