SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sql-ledger | sql-ledger | 2.6.15 |
| sql-ledger | sql-ledger | 2.4.4 |
| sql-ledger | sql-ledger | 2.6.9 |
| sql-ledger | sql-ledger | 2.4.13 |
| sql-ledger | sql-ledger | 2.4.10 |
| sql-ledger | sql-ledger | 2.6.10 |
| sql-ledger | sql-ledger | 2.4.11 |
| sql-ledger | sql-ledger | 2.4.8 |
| sql-ledger | sql-ledger | 2.4.6 |
| sql-ledger | sql-ledger | 2.6.13 |
| sql-ledger | sql-ledger | 2.4.5 |
| sql-ledger | sql-ledger | 2.6.0 |
| sql-ledger | sql-ledger | 2.4.16 |
| sql-ledger | sql-ledger | 2.4.12 |
| sql-ledger | sql-ledger | 2.6.11 |
| sql-ledger | sql-ledger | 2.6.12 |
| sql-ledger | sql-ledger | 2.4.7 |
| sql-ledger | sql-ledger | 2.4.14 |
| sql-ledger | sql-ledger | 2.4.15 |
| sql-ledger | sql-ledger | 2.6.5 |
| sql-ledger | sql-ledger | 2.6.7 |
| sql-ledger | sql-ledger | 2.4.9 |
| sql-ledger | sql-ledger | 2.6.14 |
| sql-ledger | sql-ledger | 2.6.17 |
| sql-ledger | sql-ledger | 2.6.8 |
| sql-ledger | sql-ledger | 2.6.4 |
| sql-ledger | sql-ledger | 2.6.3 |
| sql-ledger | sql-ledger | 2.6.6 |
| sql-ledger | sql-ledger | 2.6.16 |
| sql-ledger | sql-ledger | 2.6.2 |
| sql-ledger | sql-ledger | 2.6.1 |
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sql-ledger | sql-ledger | * |
| ledgersmb | ledgersmb | * |
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sql-ledger | sql-ledger | 2.6.27 |
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sql-ledger | sql-ledger | - |
| ledgersmb | ledgersmb | * |
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sql-ledger | sql-ledger | * |
| ledgersmb | ledgersmb | * |
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sql-ledger | sql-ledger | * |
| ledgersmb | ledgersmb | * |