SQL Injection Vulnerabilities in SQL-Ledger by LedgerSMB
CVE-2009-3582
Currently unrated
What is CVE-2009-3582?
SQL-Ledger 2.8.24 is susceptible to multiple SQL injection vulnerabilities, specifically within the delete subroutine. These weaknesses permit remote authenticated users to execute arbitrary SQL commands through manipulation of the id and potentially the db parameters during a Delete action initiated from the Vendors>Reports>Search interface. This allows unauthorized alterations to database content, posing significant security risks.
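
The mitigation for this class of bug, as an added example that is not SQL-Ledger's code and not part of this entry: a Perl DBI delete handler that passes id as a bind value and checks db against an allow-list, since a table name cannot be a placeholder. The `delete_record` function, the table names and the sample requests are assumptions for illustration, and the demo uses DBD::SQLite with an in-memory database.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Hypothetical allow-list: the only tables a Delete action may target.
my %DELETABLE = map { $_ => 1 } qw(vendor customer);

# Hardened delete: "db" is matched against the allow-list and "id" must be a
# plain integer that is then passed as a bind value, never interpolated.
sub delete_record {
    my ($dbh, $form) = @_;
    my ($db, $id) = @{$form}{qw(db id)};

    die "rejected db parameter\n"
        unless defined $db && $DELETABLE{$db};
    die "rejected id parameter\n"
        unless defined $id && $id =~ /\A[0-9]{1,9}\z/;

    # Vulnerable pattern, for contrast (do not use):
    #   $dbh->do("DELETE FROM $form->{db} WHERE id = $form->{id}");
    my $table = $dbh->quote_identifier($db);
    return $dbh->do("DELETE FROM $table WHERE id = ?", undef, $id);
}

# Constructed demo data in an in-memory SQLite database.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE vendor (id INTEGER PRIMARY KEY, name TEXT)");
$dbh->do("INSERT INTO vendor (id, name) VALUES (?, ?)", undef, @$_)
    for [1, "Acme"], [2, "Globex"], [3, "Initech"];

# Constructed requests: one legitimate, two with tampered parameters.
my @requests = (
    { db => "vendor",             id => "2" },
    { db => "vendor",             id => "2 OR 1=1" },
    { db => "vendor; DROP TABLE", id => "1" },
);
for my $form (@requests) {
    my $rows = eval { delete_record($dbh, $form) };
    my $result = defined $rows ? "deleted " . ($rows + 0) . " row(s)" : "error: $@";
    chomp $result;
    print "db=[$form->{db}] id=[$form->{id}] -> $result\n";
}
my ($left) = $dbh->selectrow_array("SELECT COUNT(*) FROM vendor");
print "rows remaining in vendor: $left\n";
```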
