VYPR
Vendor

Ltb Project

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2018-12421CriJun 14, 2018
    risk 0.64cvss 9.8epss 0.03

    LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

  • CVE-2023-53958HigDec 19, 2025
    risk 0.49cvss 7.5epss 0.00

    LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling…

  • CVE-2023-49032Dec 20, 2023
    risk 0.00cvss epss 0.01

    An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.