Vulmon Recent Vulnerabilities Discussions Trends About Contact

sql vulnerabilities and exploits

6.5
CVSSv2
CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search...
Sql-ledger
7.5
CVSSv2
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the...
Sql-ledger
5
CVSSv2
CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)....
Dws Systems Inc.Sql-ledgerLedgersmb
7.5
CVSSv2
CVE-2006-5872
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program....
Dws Systems Inc.Sql-ledger
7.5
CVSSv2
CVE-2008-1870
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter....
Geek247Pigmy-sql
3.5
CVSSv2
CVE-2009-3581
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts...
Sql-ledger
6.5
CVSSv2
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors....
Dws Systems Inc.Sql-ledgerLedgersmb
7.8
CVSSv2
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length....
Dws Systems Inc.Sql-ledgerLedgersmb
5.1
CVSSv2
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field....
Sql-ledger
7.5
CVSSv2
CVE-2009-4402
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface....
Sql-ledger
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-4639CVE-2020-8425information disclosureCVE-2013-2764CVE-2014-2897CVE-2019-17026CVE-2020-0609gitlablocal userslogic flaw