CVE-2006-4731

Published: 13/09/2006 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger prior to 2.6.19 and (b) LedgerSMB prior to 1.0.0p1 allow remote malicious users to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

Vulnerable Product

dws systems inc. sql-ledger 2.6.14

dws systems inc. sql-ledger 2.4.10

dws systems inc. sql-ledger 2.4.7

dws systems inc. sql-ledger 2.2.3

dws systems inc. sql-ledger 2.6.12

dws systems inc. sql-ledger 2.2.5

dws systems inc. sql-ledger 2.4.6

dws systems inc. sql-ledger 2.6.15

dws systems inc. sql-ledger 2.6.6

dws systems inc. sql-ledger 2.6.3

dws systems inc. sql-ledger 2.4.12

dws systems inc. sql-ledger 2.6.13

dws systems inc. sql-ledger 2.4.14

dws systems inc. sql-ledger 2.6.1

dws systems inc. sql-ledger 2.6.16

dws systems inc. sql-ledger 2.2.0

dws systems inc. sql-ledger 2.6.11

dws systems inc. sql-ledger 2.2.6

dws systems inc. sql-ledger 2.4.13

dws systems inc. sql-ledger 2.4.5

dws systems inc. sql-ledger 2.4.11

dws systems inc. sql-ledger 2.6.18

dws systems inc. sql-ledger 2.4.16

dws systems inc. sql-ledger 2.4.1

dws systems inc. sql-ledger 2.4.8

dws systems inc. sql-ledger 2.6.9

dws systems inc. sql-ledger 2.6.4

dws systems inc. sql-ledger 2.6.7

dws systems inc. sql-ledger 2.4.3

dws systems inc. sql-ledger 2.2.4

dws systems inc. sql-ledger 2.4.4

dws systems inc. sql-ledger 2.4.15

dws systems inc. sql-ledger 2.4.9

dws systems inc. sql-ledger 2.6.17

dws systems inc. sql-ledger 2.4.2

dws systems inc. sql-ledger 2.2.1

dws systems inc. sql-ledger 2.4.0

dws systems inc. sql-ledger 2.2.2

dws systems inc. sql-ledger 2.2.7

dws systems inc. sql-ledger 2.6.5

ledgersmb ledgersmb

dws systems inc. sql-ledger 2.6.8

dws systems inc. sql-ledger 2.6.10

dws systems inc. sql-ledger 2.6.2

Vendor Advisories

Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4244 Chris Travers discovered that the session management can be tricked into hijacki ...

Exploits

source: www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able to use the application's built-in text editor to ...