CVE-2009-3580

Name of the Vulnerable Software and Affected Versions SQL-Ledger version 2.8.24

Description A cross-site request forgery issue allows remote attackers to hijack user authentication for password change requests. This is achieved by manipulating the login, new password, and confirm password parameters in a preferences action.

Recommendations For SQL-Ledger version 2.8.24, consider disabling the password change functionality via the preferences action until a patch is available. Restrict access to the affected am.pl script to minimize the risk of exploitation. Avoid using the login, new password, and confirm password parameters in the preferences action until the issue is resolved.