The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing malicious users to perform a LDAP injection and obtain sensitive information via a crafted POST request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rconfig rconfig 3.9.5 |