Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-90

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

64 vulnerabilities with CWE-90

CVE-2025-67493 HIGH

homarr < 1.45.3 - Authenticated Privilege Escalation via LDAP Query Injection

CVE-2025-12764 HIGH

pgAdmin <= 9.9 - LDAP Injection via Username Parameter

CVE-2025-35431 MEDIUM

CISA Thorium 1.0.0-1.1.0 - Authenticated LDAP Injection

CVE-2025-48208 HIGH

Apache HertzBeat <= 1.7.2 - Authenticated LDAP Injection via Custom Commands

CVE-2025-52575 MEDIUM

EspoCRM < 9.1.7 - Unauthenticated Blind LDAP Injection via Wildcard Character

CVE-2025-4573 MEDIUM

Mattermost 9.11.0-9.11.13 10.5.0-10.5.4 10.6.0-10.6.3 10.7.0-10.7.1 - LDAP Injection via Group ID

CVE-2025-27686 LOW

Dell Unisphere for PowerMax < 9.2.4.15 - Authenticated LDAP Injection

CVE-2025-27631 MEDIUM

Hitachi Energy TRMTracker 6.2-6.2.03 and 6.3 - LDAP Injection

CVE-2024-54852 CRITICAL

Teedy 1.9-1.12 - Unauthenticated LDAP Injection via Login Username Field

CVE-2024-56841 HIGH

Mendix LDAP <V1.1.2 - LDAP Injection

CVE-2024-27310 MEDIUM

Zoho ManageEngine ASDSelfService Plus <6401 - DoS

CVE-2024-33868 CRITICAL

linqi < 1.4.0.1 - LDAP Injection

CVE-2023-51446 MEDIUM

GLPI 0.70-10.0.11 - LDAP Injection via Authentication Form

CVE-2023-31025 MEDIUM

NVIDIA DGX A100 BMC - Info Disclosure

CVE-2023-29050 HIGH

LDAP contacts provider - Info Disclosure

CVE-2023-6905 MEDIUM

Jahastech NxFilter 4.3.2.5 - LDAP Injection in Bind Request Handler

CVE-2023-3447 HIGH

Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated LDAP Injection via Username Parameter

CVE-2023-28853 HIGH

Mastodon <3.5.8, <4.0.4, <4.1.2 - SQL Injection

CVE-2022-4254 HIGH

sssd 1.15.3-2.3.1 - LDAP Injection via Certificate Data in LDAP Filters

CVE-2022-45910 MEDIUM

Apache ManifoldCF < 2.23 - LDAP Injection in ActiveDirectory and Sharepoint Authority Connectors

CVE-2021-43782 MEDIUM

Tuleap < 13.2.99.83 and 13.1-1-13.1-5 - LDAP Injection via User ldap_id Attribute

CVE-2021-41276 MEDIUM

Tuleap < 13.2.99.31 and 13.1-1-13.1-5 - LDAP Injection via User ldap_id Attribute

CVE-2021-43350 CRITICAL

Apache Traffic Control - Info Disclosure

CVE-2021-41232 HIGH

Thunderdome <1.16.3 - Command Injection

CVE-2021-32651 LOW

OneDev <4.4.1 - Blind LDAP Injection

Previous Page 2 of 3 Next

Details

Vulnerabilities 64

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy