Published: 13/09/2006 Updated: 03/04/2025

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger prior to 2.6.19 and (b) LedgerSMB prior to 1.0.0p1 allow remote malicious users to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

Vulnerable Product	Search on Vulmon	Subscribe to Product
dws systems inc. sql-ledger 2.2.0
dws systems inc. sql-ledger 2.2.1
dws systems inc. sql-ledger 2.2.2
dws systems inc. sql-ledger 2.2.3
dws systems inc. sql-ledger 2.2.4
dws systems inc. sql-ledger 2.2.5
dws systems inc. sql-ledger 2.2.6
dws systems inc. sql-ledger 2.2.7
dws systems inc. sql-ledger 2.4.0
dws systems inc. sql-ledger 2.4.1
dws systems inc. sql-ledger 2.4.2
dws systems inc. sql-ledger 2.4.3
dws systems inc. sql-ledger 2.4.4
dws systems inc. sql-ledger 2.4.5
dws systems inc. sql-ledger 2.4.6
dws systems inc. sql-ledger 2.4.7
dws systems inc. sql-ledger 2.4.8
dws systems inc. sql-ledger 2.4.9
dws systems inc. sql-ledger 2.4.10
dws systems inc. sql-ledger 2.4.11
dws systems inc. sql-ledger 2.4.12
dws systems inc. sql-ledger 2.4.13
dws systems inc. sql-ledger 2.4.14
dws systems inc. sql-ledger 2.4.15
dws systems inc. sql-ledger 2.4.16
dws systems inc. sql-ledger 2.6.1
dws systems inc. sql-ledger 2.6.2
dws systems inc. sql-ledger 2.6.3
dws systems inc. sql-ledger 2.6.4
dws systems inc. sql-ledger 2.6.5
dws systems inc. sql-ledger 2.6.6
dws systems inc. sql-ledger 2.6.7
dws systems inc. sql-ledger 2.6.8
dws systems inc. sql-ledger 2.6.9
dws systems inc. sql-ledger 2.6.10
dws systems inc. sql-ledger 2.6.11
dws systems inc. sql-ledger 2.6.12
dws systems inc. sql-ledger 2.6.13
dws systems inc. sql-ledger 2.6.14
dws systems inc. sql-ledger 2.6.15
dws systems inc. sql-ledger 2.6.16
dws systems inc. sql-ledger 2.6.17
dws systems inc. sql-ledger 2.6.18
ledgersmb ledgersmb

Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4244 Chris Travers discovered that the session management can be tricked into hijacki ...

source: wwwsecurityfocuscom/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process The attacker may be able to use the application's built-in text editor to ...

NVD-CWE-Other https://nvd.nist.gov https://www.debian.org/security/./dsa-1239 https://www.exploit-db.com/exploits/28514/https://www.first.org/epss http://secunia.com/advisories/21824 http://secunia.com/advisories/21886 http://securityreason.com/securityalert/1553 http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778 http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69 http://www.securityfocus.com/archive/1/445817/100/0/threaded http://www.securityfocus.com/bid/19960 http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New http://www.vupen.com/english/advisories/2006/3554 http://www.vupen.com/english/advisories/2006/3555 https://exchange.xforce.ibmcloud.com/vulnerabilities/28885 http://secunia.com/advisories/21824 http://secunia.com/advisories/21886 http://securityreason.com/securityalert/1553 http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778 http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69 http://www.securityfocus.com/archive/1/445817/100/0/threaded http://www.securityfocus.com/bid/19960 http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New http://www.vupen.com/english/advisories/2006/3554 http://www.vupen.com/english/advisories/2006/3555 https://exchange.xforce.ibmcloud.com/vulnerabilities/28885

CVE-2006-4731

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect