40 vulnerabilities classified as CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')). AI Chinese analysis included.
CWE-90 is an input validation weakness in which an application builds a Lightweight Directory Access Protocol (LDAP) search filter, or a distinguished name, from untrusted data without neutralising the characters that carry meaning in LDAP syntax. In a search filter those characters are `*`, `(`, `)`, `\` and NUL (RFC 4515); a DN has its own, different set of special characters (RFC 4514) and needs its own escaping routine. An attacker supplies a value such as a username or search term that contains filter syntax, for example a `)` to close the clause being built followed by `(|(uid=*` to open a disjunction that is always true, and thereby bypasses authentication, enumerates directory entries with wildcards, or rewrites the logic of the query. The fix is to make user input behave strictly as data: escape every value with the library's filter or DN escaping function, or pass it through an API that escapes it for you (JNDI's `search(name, "(uid={0})", new Object[]{user}, controls)` overload does this for filter arguments), and in addition reject input that falls outside the expected character set. Running the directory service account with least privilege limits what a successful injection can read or change, and code review should flag any filter assembled by string concatenation.
The weakness in its classic form, a JNDI search whose filter is built by concatenating a request parameter:

```java
// Vulnerable: `address` comes straight from the request and is concatenated into the filter,
// so a value such as "*" or "x)(objectClass=*" changes what the search matches.
DirContext context = new InitialDirContext(env);
String searchFilter = "StreetAddress=" + address;
NamingEnumeration<SearchResult> answer = context.search(searchBase, searchFilter, searchCtls);
// Safe alternative: context.search(searchBase, "(StreetAddress={0})", new Object[]{address}, searchCtls)
```

Vulnerabilities classified as CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')) represent 40 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.