Vulnerability Details CVE-2024-54852
When the LDAP connection is activated in Teedy versions from 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Because user input is not properly sanitized, an unauthenticated attacker can perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-54852
- cpe:2.3:a:sismics:teedy:1.10
- cpe:2.3:a:sismics:teedy:1.11
- cpe:2.3:a:sismics:teedy:1.9