Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote malicious users to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sql-ledger sql-ledger 2.6.27 |