Directory Traversal in SQL-Ledger and LedgerSMB by Perl
CVE-2007-1329

Currently unrated

Key Information:

Vendor: Sql-ledger
Status: Sql-ledger; Ledgersmb
Vendor: CVE Published:; 7 March 2007

What is CVE-2007-1329?

A directory traversal vulnerability in SQL-Ledger and LedgerSMB allows remote attackers to read and overwrite arbitrary files. This flaw can be exploited by leveraging dot characters adjacent to 'users' and 'users/members' strings, which are improperly sanitized. As a result, attackers can manipulate these strings to access unintended files on the server and execute arbitrary code, placing systems at severe risk.

References

http://secunia.com/advisories/24363

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/33619

vdb-entryx_refsource_OSVDB

http://osvdb.org/33621

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2007
Vulnerability Reserved
Mar 7, 2007

CVE-2007-1329 Data

JSON

Sql-ledger

What is CVE-2007-1329?

References

Timeline