Ltb-Project: Security Vulnerabilities
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.
CVSS Score
9.8
EPSS Score
0.024
Published
2023-12-21
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-06-14