An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
LDAP injection (CWE-90) occurs when user-supplied input is not properly filtered or escaped before being included in LDAP queries. An attacker can craft malicious input that modifies the logic of the LDAP query sent by the application to the directory server. As a result, it is possible to bypass authentication mechanisms, gain access to unauthorized resources, or read sensitive data from the LDAP directory. The attack vector is network-based, requires no authentication or user interaction.
An attacker can gain unauthorized access to sensitive data stored in the LDAP directory, bypass authentication mechanisms, and potentially modify data or compromise system integrity and availability (CVSS C:H/I:H/A:H).
The Linqi application should be updated to version 1.4.0.1 or newer. Detailed information about the security update is available in the manufacturer's documentation at https://linqi.help/Updates/en#/SecurityUpdates.
Linqi application in versions before 1.4.0.1 running on Microsoft Windows system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinqi
APPLinqi< 1.4.0.1Microsoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit