CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

56 vulnerabilities with CWE-90
CVE-2016-8750 (MEDIUM, CVSS 6.5): Apache Karaf <4.0.8 - DoS
CVE-2016-9870 (MEDIUM, CVSS 6.7): EMC Isilon Onefs - LDAP Injection
CVE-2016-9299 (CRITICAL, CVSS 9.8): Jenkins <2.32-2.19.3 - RCE
CVE-2015-10027 (MEDIUM, CVSS 5.5): hydrian TTRSS-Auth-LDAP <2.0b1 - LDAP Injection
CVE-2015-7294 (HIGH, CVSS 7.5): Ldapauth-fork < 2.3.3 - LDAP Injection
CVE-2011-4069 (CRITICAL, CVSS 9.8): PacketFence <3.0.2 - Command Injection