SQL Injection Flaw in SQL-Ledger Affects User Authentication
CVE-2006-4244
Currently unrated
What is CVE-2006-4244?
An authentication bypass vulnerability exists in SQL-Ledger versions 2.4.4 through 2.6.17 due to improper verification of session cookies. Remote attackers can exploit this vulnerability by setting the sql-ledger-[username] cookie to match the sessionid parameter. This allows them to gain unauthorized access as any logged-in user, leading to potential data breaches and unauthorized activity within the application.
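The flawed check described above, next to a server-side alternative, as an added Python sketch that is not SQL-Ledger's own code. The function names, the in-memory session table and the sample request values are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical server-side session table: username -> token issued at login.
SESSIONS = {}


def login(username):
    """Issue a random token and record it on the server."""
    token = secrets.token_hex(16)
    SESSIONS[username] = token
    return token


def weak_check(username, cookies, params):
    """Pattern from the advisory: two client-supplied values are compared
    with each other, so the server never consults anything it issued."""
    cookie = cookies.get("sql-ledger-" + username)
    return cookie is not None and cookie == params.get("sessionid")


def hardened_check(username, cookies):
    """Compare the cookie with the token the server stored at login,
    using a constant-time comparison."""
    expected = SESSIONS.get(username)
    cookie = cookies.get("sql-ledger-" + username)
    if expected is None or cookie is None:
        return False
    return hmac.compare_digest(cookie, expected)


def demo():
    """Run both checks on a constructed request whose cookie and sessionid
    agree with each other but were never issued by the server."""
    login("alice")
    cookies = {"sql-ledger-alice": "x"}   # constructed sample value
    params = {"sessionid": "x"}           # constructed sample value
    return weak_check("alice", cookies, params), hardened_check("alice", cookies)


if __name__ == "__main__":
    print(demo())
```

A regression test for a fix of this kind should assert that a request carrying a matching but unissued cookie and sessionid pair is rejected.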
