PT-2006-5506 · Sql Ledger+1 · Sql-Ledger+1
Chris Murtagh
+2
·
Publicado
2006-09-13
·
Atualizado
2018-10-17
·
CVE-2006-4731
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SQL-Ledger versions prior to 2.6.19
LedgerSMB versions prior to 1.0.0p1
Description
The issue allows remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash) in the login.pl and admin.pl files.
Recommendations
For SQL-Ledger versions prior to 2.6.19, update to version 2.6.19 or later.
For LedgerSMB versions prior to 1.0.0p1, update to version 1.0.0p1 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Ledgersmb
Sql-Ledger