Arbitrary Code Execution Vulnerability in Form.pm of LedgerSMB and SQL-Ledger
CVE-2007-0667

Currently unrated

Key Information:

Vendor: Sql-ledger

CVE Published: 2 February 2007

What is CVE-2007-0667?

The redirect function in Form.pm allows remote authenticated users to execute arbitrary code in LedgerSMB versions prior to 1.1.5 and in SQL-Ledger. The flaw lies in how redirects and callbacks are handled: an attacker could exploit that handling to manipulate the application flow and execute malicious commands.
