VYPR
Unrated severityNVD Advisory· Published Feb 2, 2007· Updated Jun 16, 2026

CVE-2007-0667

CVE-2007-0667

Description

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

Affected products

9
  • cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*range: <=1.1.1
    • (no CPE)range: <1.1.5
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*
    • cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*
    • cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.

CVE-2007-0667 · VYPR