Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2007-5372 sql injection for authenticated users

Related Vulnerabilities: CVE-2007-5372  

Source

Debian Bug report logs - #446366
CVE-2007-5372 sql injection for authenticated users

version graph

Package: sql-ledger; Maintainer for sql-ledger is Robert James Clay <jame@rocasa.us>; Source for sql-ledger is src:sql-ledger (PTS, buildd, popcon).

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 12 Oct 2007 14:30:02 UTC

Severity: important

Tags: security

Fixed in version 2.6.0-1

Done: Nikolai Lusan <nikolai@lusan.id.au>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Finn-Arne Johansen <faj@bzz.no>:
Bug#446366; Package sql-ledger. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Finn-Arne Johansen <faj@bzz.no>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-5372 sql injection for authenticated users
Date: Fri, 12 Oct 2007 16:26:11 +0200
[Message part 1 (text/plain, inline)]
Package: sql-ledger
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for sql-ledger.

CVE-2007-5372[0]:
| Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through
| 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to
| execute arbitrary SQL commands via (1) the invoice quantity field or
| (2) the sort field.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5372

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Reply sent to Nikolai Lusan <nikolai@lusan.id.au>:
You have taken responsibility. (Wed, 20 Jun 2012 10:34:55 GMT) (full text, mbox, link).

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Wed, 20 Jun 2012 10:34:58 GMT) (full text, mbox, link).

Message #10 received at 446366-done@bugs.debian.org (full text, mbox, reply):

From: Nikolai Lusan <nikolai@lusan.id.au>
To: 446366-done@bugs.debian.org
Subject: Version: 2.6.0-1
Date: Wed, 20 Jun 2012 20:33:26 +1000
[Message part 1 (text/plain, inline)]
Version: 2.6.0-1

This was fixed upstream prior to release number 2.6.0.


-- 
Nikolai Lusan <nikolai@lusan.id.au>

[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 19 Jul 2012 07:32:39 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:34:42 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started