Vulnerabilities > CVE-2014-5114 - Remote Security vulnerability in Webidsupport Webid 1.1.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

webidsupport

NVD

Published: 2014-07-29

Updated: 2014-07-30

Summary

WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. <a href="http://cwe.mitre.org/data/definitions/90.html" target="_blank">CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')</a>

Vulnerable Configurations

Part	Description	Count
Application	Webidsupport Webidsupport Webid 1.1.1	1

References

http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html
http://www.securityfocus.com/bid/68519