VYPR

SQL Ledger

by Dws Systems Inc.

CVEs (5)

  • CVE-2006-4731 (Sep 13, 2006)
    risk 0.03 cvss epss 0.06

    Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

  • CVE-2007-5372 (Oct 11, 2007)
    risk 0.00 cvss epss 0.02

    Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

  • CVE-2007-1923 (Apr 10, 2007)
    risk 0.00 cvss epss 0.03

    (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

  • CVE-2006-5872 (Dec 18, 2006)
    risk 0.00 cvss epss 0.02

    login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

  • CVE-2006-4798 (Sep 14, 2006)
    risk 0.00 cvss epss 0.01

    SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.