CVE-2023-53958

HIGH

LDAP Tool Box Self Service Password 1.5.2 - SSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53958. PoCs published by Tahar BENNACEF.

AI-analyzed exploit summary This writeup describes an HTTP Host header vulnerability in LDAP Tool Box Self Service Password v1.5.2, allowing an attacker to tamper with password-reset emails and steal valid reset tokens for account takeover.

Description

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.

Exploits (1)

exploitdb WRITEUP
by Tahar BENNACEF · textwebappsphp
https://www.exploit-db.com/exploits/51275

This writeup describes an HTTP Host header vulnerability in LDAP Tool Box Self Service Password v1.5.2, allowing an attacker to tamper with password-reset emails and steal valid reset tokens for account takeover.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: LDAP Tool Box Self Service Password v1.5.2
No auth needed
Prerequisites: Access to the target application · Ability to intercept/modify HTTP requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0035
EPSS Percentile 26.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-640
Status published
Products (1)
ltb-project/LDAP Tool Box Self Service Password 1.5.2
Published Dec 19, 2025
Tracked Since Feb 18, 2026