7.5
CVSSv2

CVE-2006-5872

Published: 18/12/2006 Updated: 21/11/2024

Vulnerability Summary

login.pl in SQL-Ledger prior to 2.6.21 and LedgerSMB prior to 1.1.5 allows remote malicious users to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

Vulnerable Product Search on Vulmon Subscribe to Product

dws systems inc. sql-ledger 2.6.27

Vendor Advisories

Debian Bug report logs - #409703 SQL-ledger unsafe for use with untrusted users or public installations Package: sql-ledger; Maintainer for sql-ledger is Robert James Clay <jame@rocasaus>; Source for sql-ledger is src:sql-ledger (PTS, buildd, popcon) Reported by: Alex de Oliveira Silva <enerv@hostsk> Date: Sun, 4 ...
Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4244 Chris Travers discovered that the session management can be tricked into hijacki ...