CVE-2006-4244

Name of the Vulnerable Software and Affected Versions SQL-Ledger versions 2.4.4 through 2.6.17

Description The issue allows remote attackers to gain access as any logged-in user. This is achieved by setting the sql-ledger-[username] cookie and the sessionid parameter to the same value, thereby bypassing user authentication.

Recommendations For SQL-Ledger versions 2.4.4 through 2.6.17, as a temporary workaround, consider implementing additional authentication measures to verify user sessions, such as validating the sessionid parameter against a server-side stored value to prevent tampering. Restrict access to sensitive areas of the application until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.