Critical severity 9.8 · OSV Advisory · Published Jun 14, 2018 · Updated Jun 17, 2026
CVE-2018-12421
Description
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.
Affected products (2)
0.9, v1.0, v1.1, … + 1 more
- (no CPE) range: 0.9, v1.0, v1.1, …
- (no CPE) range: <1.3
References (3)
- lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html (nvd: Mailing List, Patch, Vendor Advisory)
- github.com/ltb-project/self-service-password/issues/209 (nvd: Third Party Advisory)
- github.com/ltb-project/self-service-password/issues/211 (nvd: Third Party Advisory)