Published: 13/09/2006 Updated: 17/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger prior to 2.6.19 and (b) LedgerSMB prior to 1.0.0p1 allow remote malicious users to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

Vulnerable Product	Search on Vulmon	Subscribe to Product
dws systems inc. sql-ledger 2.2.0
dws systems inc. sql-ledger 2.2.1
dws systems inc. sql-ledger 2.4.1
dws systems inc. sql-ledger 2.4.10
dws systems inc. sql-ledger 2.4.2
dws systems inc. sql-ledger 2.4.3
dws systems inc. sql-ledger 2.6.1
dws systems inc. sql-ledger 2.6.10
dws systems inc. sql-ledger 2.6.18
dws systems inc. sql-ledger 2.6.2
dws systems inc. sql-ledger 2.6.9
ledgersmb ledgersmb
dws systems inc. sql-ledger 2.2.2
dws systems inc. sql-ledger 2.2.3
dws systems inc. sql-ledger 2.4.11
dws systems inc. sql-ledger 2.4.12
dws systems inc. sql-ledger 2.4.4
dws systems inc. sql-ledger 2.4.5
dws systems inc. sql-ledger 2.6.11
dws systems inc. sql-ledger 2.6.12
dws systems inc. sql-ledger 2.6.13
dws systems inc. sql-ledger 2.6.3
dws systems inc. sql-ledger 2.6.4
dws systems inc. sql-ledger 2.2.4
dws systems inc. sql-ledger 2.2.5
dws systems inc. sql-ledger 2.2.6
dws systems inc. sql-ledger 2.4.13
dws systems inc. sql-ledger 2.4.14
dws systems inc. sql-ledger 2.4.6
dws systems inc. sql-ledger 2.4.7
dws systems inc. sql-ledger 2.6.14
dws systems inc. sql-ledger 2.6.15
dws systems inc. sql-ledger 2.6.5
dws systems inc. sql-ledger 2.6.6
dws systems inc. sql-ledger 2.2.7
dws systems inc. sql-ledger 2.4.0
dws systems inc. sql-ledger 2.4.15
dws systems inc. sql-ledger 2.4.16
dws systems inc. sql-ledger 2.4.8
dws systems inc. sql-ledger 2.4.9
dws systems inc. sql-ledger 2.6.16
dws systems inc. sql-ledger 2.6.17
dws systems inc. sql-ledger 2.6.7
dws systems inc. sql-ledger 2.6.8

Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4244 Chris Travers discovered that the session management can be tricked into hijacki ...

source: wwwsecurityfocuscom/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process The attacker may be able to use the application's built-in text editor to ...

NVD-CWE-Other http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69 http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778 http://secunia.com/advisories/21824 http://secunia.com/advisories/21886 http://www.securityfocus.com/bid/19960 http://securityreason.com/securityalert/1553 http://www.vupen.com/english/advisories/2006/3554 http://www.vupen.com/english/advisories/2006/3555 https://exchange.xforce.ibmcloud.com/vulnerabilities/28885 http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New http://www.securityfocus.com/archive/1/445817/100/0/threaded https://nvd.nist.gov https://www.securityfocus.com/bid/19960 https://www.exploit-db.com/exploits/28514/https://www.debian.org/security/./dsa-1239

CVE-2006-4731

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect