10
CVSSv2

CVE-2007-5372

Published: 11/10/2007 Updated: 15/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 up to and including 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote malicious users to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dws systems inc. sql-ledger 2.2.0

dws systems inc. sql-ledger 2.2.1

dws systems inc. sql-ledger 2.2.2

dws systems inc. sql-ledger 2.2.3

dws systems inc. sql-ledger 2.2.4

dws systems inc. sql-ledger 2.2.5

dws systems inc. sql-ledger 2.2.6

dws systems inc. sql-ledger 2.2.7

dws systems inc. sql-ledger 2.4.0

dws systems inc. sql-ledger 2.4.1

dws systems inc. sql-ledger 2.4.2

dws systems inc. sql-ledger 2.4.3

dws systems inc. sql-ledger 2.4.4

dws systems inc. sql-ledger 2.4.5

dws systems inc. sql-ledger 2.4.6

dws systems inc. sql-ledger 2.4.7

dws systems inc. sql-ledger 2.4.8

dws systems inc. sql-ledger 2.4.9

dws systems inc. sql-ledger 2.4.10

dws systems inc. sql-ledger 2.4.11

dws systems inc. sql-ledger 2.4.12

dws systems inc. sql-ledger 2.4.13

dws systems inc. sql-ledger 2.4.14

dws systems inc. sql-ledger 2.4.15

dws systems inc. sql-ledger 2.4.16

dws systems inc. sql-ledger 2.6.1

dws systems inc. sql-ledger 2.6.2

dws systems inc. sql-ledger 2.6.3

dws systems inc. sql-ledger 2.6.4

dws systems inc. sql-ledger 2.6.5

dws systems inc. sql-ledger 2.6.6

dws systems inc. sql-ledger 2.6.7

dws systems inc. sql-ledger 2.6.8

dws systems inc. sql-ledger 2.6.9

dws systems inc. sql-ledger 2.6.10

dws systems inc. sql-ledger 2.6.11

dws systems inc. sql-ledger 2.6.12

dws systems inc. sql-ledger 2.6.13

dws systems inc. sql-ledger 2.6.14

dws systems inc. sql-ledger 2.6.15

dws systems inc. sql-ledger 2.6.16

dws systems inc. sql-ledger 2.6.17

dws systems inc. sql-ledger 2.6.18

dws systems inc. sql-ledger 2.6.27

ledgersmb ledgersmb 1.0.0

ledgersmb ledgersmb 1.1.0

ledgersmb ledgersmb 1.1.1

ledgersmb ledgersmb 1.1.5

ledgersmb ledgersmb 1.1.8

ledgersmb ledgersmb 1.2.0

ledgersmb ledgersmb 1.2.1

ledgersmb ledgersmb 1.2.2

ledgersmb ledgersmb 1.2.3

ledgersmb ledgersmb 1.2.4

ledgersmb ledgersmb 1.2.5

ledgersmb ledgersmb 1.2.6

ledgersmb ledgersmb 1.2.7

Vendor Advisories

Debian Bug report logs - #446366 CVE-2007-5372 sql injection for authenticated users Package: sql-ledger; Maintainer for sql-ledger is Robert James Clay <jame@rocasaus>; Source for sql-ledger is src:sql-ledger (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 12 Oct 2007 14:30:02 UTC Severi ...