Published: 18/12/2006 Updated: 17/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

login.pl in SQL-Ledger prior to 2.6.21 and LedgerSMB prior to 1.1.5 allows remote malicious users to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dws systems inc. sql-ledger 2.6.27

Debian Bug report logs - #409703 SQL-ledger unsafe for use with untrusted users or public installations Package: sql-ledger; Maintainer for sql-ledger is Robert James Clay <jame@rocasaus>; Source for sql-ledger is src:sql-ledger (PTS, buildd, popcon) Reported by: Alex de Oliveira Silva <enerv@hostsk> Date: Sun, 4 ...

Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4244 Chris Travers discovered that the session management can be tricked into hijacki ...

CWE-20 http://www.debian.org/security/2006/dsa-1239 http://www.securityfocus.com/bid/21634 http://securitytracker.com/id?1017391 http://secunia.com/advisories/23375 http://secunia.com/advisories/23419 http://www.vupen.com/english/advisories/2006/5043 http://www.vupen.com/english/advisories/2007/0407 http://www.securityfocus.com/archive/1/458300/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409703 https://nvd.nist.gov https://www.debian.org/security/./dsa-1239

CVE-2006-5872

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect