The PGObject::Util::DBAdmin module prior to 0.120.0 for Perl, as used in LedgerSMB up to and including 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pgobject-util-dbadmin project pgobject-util-dbadmin |
||
ledgersmb ledgersmb |