login.pl in SQL-Ledger prior to 2.6.21 and LedgerSMB prior to 1.1.5 allows remote malicious users to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dws systems inc. sql-ledger 2.6.27 |