CVE-2006-4731

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5 | VMScore: 600 | EPSS: 0.16748 | KEV: Not Included
Published: 13/09/2006 Updated: 03/04/2025

Vulnerability Summary

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger prior to 2.6.19 and (b) LedgerSMB prior to 1.0.0p1 allow remote malicious users to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

Vulnerable Product

dws systems inc. sql-ledger 2.2.0

dws systems inc. sql-ledger 2.2.1

dws systems inc. sql-ledger 2.2.2

dws systems inc. sql-ledger 2.2.3

dws systems inc. sql-ledger 2.2.4

dws systems inc. sql-ledger 2.2.5

dws systems inc. sql-ledger 2.2.6

dws systems inc. sql-ledger 2.2.7

dws systems inc. sql-ledger 2.4.0

dws systems inc. sql-ledger 2.4.1

dws systems inc. sql-ledger 2.4.2

dws systems inc. sql-ledger 2.4.3

dws systems inc. sql-ledger 2.4.4

dws systems inc. sql-ledger 2.4.5

dws systems inc. sql-ledger 2.4.6

dws systems inc. sql-ledger 2.4.7

dws systems inc. sql-ledger 2.4.8

dws systems inc. sql-ledger 2.4.9

dws systems inc. sql-ledger 2.4.10

dws systems inc. sql-ledger 2.4.11

dws systems inc. sql-ledger 2.4.12

dws systems inc. sql-ledger 2.4.13

dws systems inc. sql-ledger 2.4.14

dws systems inc. sql-ledger 2.4.15

dws systems inc. sql-ledger 2.4.16

dws systems inc. sql-ledger 2.6.1

dws systems inc. sql-ledger 2.6.2

dws systems inc. sql-ledger 2.6.3

dws systems inc. sql-ledger 2.6.4

dws systems inc. sql-ledger 2.6.5

dws systems inc. sql-ledger 2.6.6

dws systems inc. sql-ledger 2.6.7

dws systems inc. sql-ledger 2.6.8

dws systems inc. sql-ledger 2.6.9

dws systems inc. sql-ledger 2.6.10

dws systems inc. sql-ledger 2.6.11

dws systems inc. sql-ledger 2.6.12

dws systems inc. sql-ledger 2.6.13

dws systems inc. sql-ledger 2.6.14

dws systems inc. sql-ledger 2.6.15

dws systems inc. sql-ledger 2.6.16

dws systems inc. sql-ledger 2.6.17

dws systems inc. sql-ledger 2.6.18

ledgersmb ledgersmb

Vendor Advisories

Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4244 Chris Travers discovered that the session management can be tricked into hijacki ...

Exploits

source: www.securityfocus.com/bid/19960/info. SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able to use the application's built-in text editor to ...