CVE-2014-6632

Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

Published: Oct 8, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-6632
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
Joomla / joomla	2.5.19	2.5.19.x
Joomla / joomla	2.5.7	2.5.7.x
Joomla / joomla	2.5.17	2.5.17.x
Joomla / joomla	3.3.3	3.3.3.x
Joomla / joomla	3.2.1	3.2.1.x
Joomla / joomla	2.5.22	2.5.22.x
Joomla / joomla	2.5.8	2.5.8.x
Joomla / joomla	3.3.1	3.3.1.x
Joomla / joomla	3.2.2	3.2.2.x
Joomla / joomla	2.5.15	2.5.15.x
Joomla / joomla	2.5.2	2.5.2.x
Joomla / joomla	2.5.13	2.5.13.x
Joomla / joomla	2.5.11	2.5.11.x
Joomla / joomla	2.5.23	2.5.23.x
Joomla / joomla	2.5.1	2.5.1.x
Joomla / joomla	2.5.21	2.5.21.x
Joomla / joomla	3.3.0	3.3.0.x
Joomla / joomla	2.5.20	2.5.20.x
Joomla / joomla	2.5.3	2.5.3.x
Joomla / joomla	2.5.10	2.5.10.x
Joomla / joomla	2.5.9	2.5.9.x
Joomla / joomla	2.5.4	2.5.4.x
Joomla / joomla	2.5.16	2.5.16.x
Joomla / joomla	3.2.3	3.2.3.x
Joomla / joomla	3.2.0	3.2.0.x
Joomla / joomla	2.5.6	2.5.6.x
Joomla / joomla	2.5.14	2.5.14.x
Joomla / joomla	2.5.12	2.5.12.x
Joomla / joomla	3.3.2	3.3.2.x
Joomla / joomla	2.5.5	2.5.5.x
Joomla / joomla	2.5.0	2.5.0.x
Joomla / joomla	2.5.24	2.5.24.x

Vulnerability Database

CVE-2014-6632