Headline
CVE-2023-23749: Joomla.org
The ‘LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login’ extension is vulnerable to LDAP injection because it does not properly sanitize the ‘username’ POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP database.
Details
Category: Resolved Extensions
Published: 15 January 2023
LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login, 5.0.2, 3rd party extension, Other
LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login
Version: Old 5.0.2 / New 6.0.0
Update details: This is to inform you that a security update for version 5.0.2 of LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login has been released. The updated version of 6.0.0 contains the fix
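
The class of flaw described in the headline, shown as an added example that is not the extension's code: a login name concatenated into an LDAP search filter next to the RFC 4515 escaping that keeps it a literal value. The filter template, the `uid` attribute and every function name are assumptions for illustration.

```python
# Added example. The filter template, the "uid" attribute and all function
# names are assumptions for illustration, not the extension's code.

# RFC 4515: these characters must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

TEMPLATE = "(&(objectClass=person)(uid={}))"

def escape_filter_value(value: str) -> str:
    """Escape user input character by character so nothing is escaped twice."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_filter_unsafe(username: str) -> str:
    """Flawed pattern: the POST value goes into the filter unchanged."""
    return TEMPLATE.format(username)

def build_filter_safe(username: str) -> str:
    """Hardened pattern: the value is escaped before it reaches the filter."""
    return TEMPLATE.format(escape_filter_value(username))

def filter_skeleton(ldap_filter: str) -> str:
    """Return only the structural characters; escaped values contribute none."""
    return "".join(ch for ch in ldap_filter if ch in "()*")

EXPECTED_SKELETON = filter_skeleton(TEMPLATE.format("x"))  # "(()())"

def is_structure_intact(ldap_filter: str) -> bool:
    """Defensive check: did user input add wildcards or extra clauses?"""
    return filter_skeleton(ldap_filter) == EXPECTED_SKELETON

if __name__ == "__main__":
    # Constructed sample inputs: a normal login name and two with metacharacters.
    for name in ["alice", "*", "a*)(mail=*"]:
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print(f"{name!r}: unsafe intact={is_structure_intact(unsafe)} "
              f"safe intact={is_structure_intact(safe)} -> {safe}")
```

The structure check also works as a regression test: any code path that builds a filter from request data should produce the same skeleton for every input.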