Unrated severityNVD Advisory· Published Aug 31, 2006· Updated Apr 16, 2026
CVE-2006-4244
CVE-2006-4244
Description
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
Affected products
31cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*+ 30 more
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.securityfocus.com/archive/1/445512nvdExploit
- secunia.com/advisories/21689nvdVendor Advisory
- securityreason.com/securityalert/1472nvd
- www.securityfocus.com/archive/1/444741/100/0/threadednvd
- www.securityfocus.com/bid/19758nvd
- www.sql-ledger.org/cgi-bin/nav.plnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/28671nvd
News mentions
0No linked articles in our index yet.