Directory Traversal in SQL-Ledger by SQL-Ledger
CVE-2007-1541

Currently unrated

Key Information:

Vendor: Sql-ledger
Status: Sql-ledger
Vendor: CVE Published:; 20 March 2007

What is CVE-2007-1541?

A directory traversal vulnerability exists in the login script of SQL-Ledger 2.6.27. The script inadequately validates user input, specifically failing to properly handle NULL characters, which could allow a remote attacker to bypass authentication mechanisms and execute arbitrary code on the server. By exploiting this flaw with a crafted request that includes a '..' (dot dot) sequence in the login parameter, an attacker may gain unauthorized access to the system, potentially leading to further compromises.

References

http://secunia.com/advisories/24560

third-party-advisoryx_refsource_SECUNIA

http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title...

x_refsource_MISC

http://www.vupen.com/english/advisories/2007/1025

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2007
Vulnerability Reserved
Mar 20, 2007

CVE-2007-1541 Data

JSON

Sql-ledger

What is CVE-2007-1541?

References

Timeline