WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. <a href"http://cwe.mitre.org/data/definitions/90.html" target"_blank">CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')</a>
Publication date: Tue, 29 Jul 2014 19:55:00 +0000