Directory Traversal Vulnerability in SQL-Ledger and LedgerSMB
CVE-2007-1540

Currently unrated

Key Information:

Vendor:
SQL-Ledger

CVE Published:
20 March 2007

What is CVE-2007-1540?

A directory traversal vulnerability exists in the am.pl script used by SQL-Ledger and LedgerSMB, which could allow remote attackers to execute arbitrary commands and bypass authentication. The flaw is triggered by dot dot (..) sequences in the login parameter, potentially enabling unauthorized access to and manipulation of system files. Although fixes have reportedly been applied, third-party researchers have indicated that the issue may persist, with the vulnerability remaining exploitable even though an error message is generated.

EPSS Score

8% chance of being exploited in the next 30 days.
