CVE-2007-1329

Name of the Vulnerable Software and Affected Versions LedgerSMB versions prior to 1.1.5 SQL-Ledger (affected versions not specified)

Description The issue allows remote attackers to read and overwrite arbitrary files and execute arbitrary code via directory traversal. This is achieved by using . (dot) characters adjacent to specific strings, which are removed by blacklisting functions, resulting in .. (dot dot) sequences.

Recommendations For LedgerSMB versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. For SQL-Ledger, at the moment, there is no information about a newer version that contains a fix for this vulnerability.