cve/CVE-2019-16374.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.

POC

Reference

No PoCs from references.

Github

https://github.com/0xT11/CVE-POC
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/hectorgie/PoC-in-GitHub

768 B Raw Blame History

CVE-2019-16374

Description

POC

Reference

Github

768 B

Raw Blame History