Risk of LDAP Injection

[SDT]

CMS has a  RISK Of LDAP injection how tosolve this issue

[Randy Calvert]

Question 1… are you using LDAP authentication?  

Based on your post history, it looks like you are running some sort of automated scanning service against your site.  A lot of the things you are describing/reporting sound like false positives. 

In order for IPS to help however, it needs a LOT more info. “CMS” is a rather large application. Simply saying there is a vulnerability somewhere in it is like saying someone is sick somewhere in the city of New York or London.  

What specific file?  Does it reference what code is problematic?  Under what circumstances can the exploit be triggered?  

I’m almost willing to bet what it is thinking is a vulnerability is actually not an issue and is either the scanner not understanding it or it is detecting a server configuration issue itself. 

[SDT]

Dear Team ,

PFA while inserting these value I got 2 result Found .Please help us in resolving this query. Is it any way to white list only specific accepted values?

 

 

 

Edited December 22, 2023 by SDT

[Jim M]

I'm not sure what you mean here. The search would safely strip any SQL injection if that's what you're meaning.

[Randy Calvert]

There is no risk from SEARCHING the term.  There is a risk if the server processes it, which it does not.  IPB safely will not EXECUTE any code entered into the search form.  But there is nothing wrong or unsafe searching it.