Unrated severityNVD Advisory· Published Mar 20, 2007· Updated Jun 16, 2026
CVE-2007-1540
CVE-2007-1540
Description
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*range: <=2.6.27
- (no CPE)range: <=2.6.27
Patches
Vulnerability mechanics
References
9- sourceforge.net/project/shownotes.phpnvdPatch
- secunia.com/advisories/24560nvd
- secunia.com/advisories/24585nvd
- sql-ledger.com/cgi-bin/nav.plnvd
- www.osvdb.org/33624nvd
- www.securityfocus.com/archive/1/463175/100/0/threadednvd
- www.securityfocus.com/bid/23034nvd
- www.vupen.com/english/advisories/2007/1024nvd
- www.vupen.com/english/advisories/2007/1025nvd
News mentions
0No linked articles in our index yet.