Published: 11/10/2007 Updated: 15/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 up to and including 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote malicious users to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dws systems inc. sql-ledger 2.2.7
dws systems inc. sql-ledger 2.4.0
dws systems inc. sql-ledger 2.4.15
dws systems inc. sql-ledger 2.4.16
dws systems inc. sql-ledger 2.4.8
dws systems inc. sql-ledger 2.4.9
dws systems inc. sql-ledger 2.6.16
dws systems inc. sql-ledger 2.6.17
dws systems inc. sql-ledger 2.6.6
dws systems inc. sql-ledger 2.6.7
ledgersmb ledgersmb 1.1.8
ledgersmb ledgersmb 1.2.0
dws systems inc. sql-ledger 2.2.0
dws systems inc. sql-ledger 2.2.1
dws systems inc. sql-ledger 2.4.1
dws systems inc. sql-ledger 2.4.10
dws systems inc. sql-ledger 2.4.2
dws systems inc. sql-ledger 2.4.3
dws systems inc. sql-ledger 2.6.1
dws systems inc. sql-ledger 2.6.10
dws systems inc. sql-ledger 2.6.18
dws systems inc. sql-ledger 2.6.2
dws systems inc. sql-ledger 2.6.8
dws systems inc. sql-ledger 2.6.9
ledgersmb ledgersmb 1.2.1
ledgersmb ledgersmb 1.2.2
dws systems inc. sql-ledger 2.2.2
dws systems inc. sql-ledger 2.2.3
dws systems inc. sql-ledger 2.4.11
dws systems inc. sql-ledger 2.4.12
dws systems inc. sql-ledger 2.4.4
dws systems inc. sql-ledger 2.4.5
dws systems inc. sql-ledger 2.6.11
dws systems inc. sql-ledger 2.6.12
dws systems inc. sql-ledger 2.6.27
dws systems inc. sql-ledger 2.6.3
ledgersmb ledgersmb 1.0.0
ledgersmb ledgersmb 1.1.0
ledgersmb ledgersmb 1.2.3
ledgersmb ledgersmb 1.2.4
ledgersmb ledgersmb 1.2.5
dws systems inc. sql-ledger 2.2.4
dws systems inc. sql-ledger 2.2.5
dws systems inc. sql-ledger 2.2.6
dws systems inc. sql-ledger 2.4.13
dws systems inc. sql-ledger 2.4.14
dws systems inc. sql-ledger 2.4.6
dws systems inc. sql-ledger 2.4.7
dws systems inc. sql-ledger 2.6.13
dws systems inc. sql-ledger 2.6.14
dws systems inc. sql-ledger 2.6.15
dws systems inc. sql-ledger 2.6.4
dws systems inc. sql-ledger 2.6.5
ledgersmb ledgersmb 1.1.1
ledgersmb ledgersmb 1.1.5
ledgersmb ledgersmb 1.2.6
ledgersmb ledgersmb 1.2.7

Debian Bug report logs - #446366 CVE-2007-5372 sql injection for authenticated users Package: sql-ledger; Maintainer for sql-ledger is Robert James Clay <jame@rocasaus>; Source for sql-ledger is src:sql-ledger (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 12 Oct 2007 14:30:02 UTC Severi ...

CWE-89 http://www.ledgersmb.org/node/54 http://www.securityfocus.com/bid/25979 http://secunia.com/advisories/27159 http://secunia.com/advisories/27171 http://securityreason.com/securityalert/3209 http://osvdb.org/37865 http://osvdb.org/37866 http://www.vupen.com/english/advisories/2007/3453 https://exchange.xforce.ibmcloud.com/vulnerabilities/37033 https://exchange.xforce.ibmcloud.com/vulnerabilities/37032 http://www.securityfocus.com/archive/1/481866/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446366 https://nvd.nist.gov

CVE-2007-5372

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect