VYPR
Unrated severityNVD Advisory· Published Mar 20, 2007· Updated Jun 16, 2026

CVE-2007-1540

CVE-2007-1540

Description

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*range: <=1.1.8
    • (no CPE)range: <1.2.0
  • cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*range: <=2.6.27
    • (no CPE)range: <=2.6.27

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.