Property
Language: csharp
Severity: medium
CWE: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP: A01:2017 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code builds LDAP queries by directly including user input without proper validation or encoding. This allows attackers to inject malicious LDAP statements into queries.

Impact

If exploited, an attacker could access, modify, or delete sensitive directory data by manipulating LDAP queries, potentially leading to unauthorized access, data leaks, or compromised user accounts within your application.