Ltb Project

ltb-project

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Ldap Tool Box Self Service Password

ldap_tool_box_self_service_password

1 CVE

Self Service Password

self_service_password

1 CVE

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49032 1Ltb Project 1Self Service Password Apr 24, 2025 Dec 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.
CVE-2018-12421 1Ltb Project 1Ldap Tool Box Self Service Password Nov 21, 2024 Jun 14, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data...Show more LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-49032

1Ltb Project

1Self Service Password

Apr 24, 2025

Dec 21, 2023

N/A· v4

9.8 CRITICAL· v3

N/A· v2

An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.

CVE-2018-12421

1Ltb Project

1Ldap Tool Box Self Service Password

Nov 21, 2024

Jun 14, 2018

N/A· v4

9.8 CRITICAL· v3

5.0 MEDIUM· v2

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data...Show more