
CVE-2024-23831

Published: 02/02/2024 Updated: 10/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 0

Vulnerability Summary

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

Vulnerable Product

ledgersmb ledgersmb

Vendor Advisories

Debian Bug report logs - #1062845: ledgersmb: CVE-2024-23831
Package: src:ledgersmb
Maintainer for src:ledgersmb is LedgerSMB Core Team <devel@lists.ledgersmb.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 3 Feb 2024 20:15:05 UTC
Severity: important
Tags: security, upstream
Found in versions ...