SQL-Ledger prior to 2.4.4 stores a password in a query string, which might allow context-dependent malicious users to obtain the password via a Referer field or browser history.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dws systems inc. sql-ledger |