Vulnerability Details CVE-2021-3027
app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1
- https://github.com/LibrIT/passhport/pull/562
- https://jorgectf.gitlab.io/disclosure/cve-2021-3027/
- https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1
- https://github.com/LibrIT/passhport/pull/562
- https://jorgectf.gitlab.io/disclosure/cve-2021-3027/