CVE-2017-14596
CRITICAL
Joomla! - LDAP Injection via Authentication Plugin
Title source: llm
Description
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039407
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100898
Scores
CVSS v3: 9.8
EPSS: 0.0633
EPSS Percentile: 92.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-90
Status: published
Products (50)
joomla/joomla\! 1.5.0
joomla/joomla\! 1.5.1
joomla/joomla\! 1.5.2
joomla/joomla\! 1.5.3
joomla/joomla\! 1.5.4
joomla/joomla\! 1.5.5
joomla/joomla\! 1.5.6
joomla/joomla\! 1.5.7
joomla/joomla\! 1.5.8
joomla/joomla\! 1.5.9
... and 40 more
Published: Sep 20, 2017
Tracked Since: Feb 18, 2026