Unrated severityNVD Advisory· Published Apr 10, 2007· Updated Apr 23, 2026

CVE-2007-1923

Description

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

Affected products

Ledgersmb/Ledgersmb
cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*
Range: <1.3.0
Sql Ledger/SQL Ledger
cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/2552nvdThird Party Advisory
www.securityfocus.com/archive/1/464880/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/23352nvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/33494nvdThird Party AdvisoryVDB Entry
osvdb.org/38217nvdBroken Link
osvdb.org/38218nvdBroken Link
github.com/ledgersmb/LedgerSMB/blob/master/ChangelognvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000