CVE-2024-54852

Critical CVSS: 9.8

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.

Vendor

Sismics

Product

Teedy

CWE

CWE-90

Yayın Tarihi

2025-01-29 22:15:29

Güncelleme

2025-05-24 01:14:43

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-90 Teedy CRITICAL Sismics 2025

Referanslar

https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md

Benzer Kayıtlar

Medium

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of th…

High

CVE-2024-54851

Teedy

High

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.