CVE-2009-3582

Name of the Vulnerable Software and Affected Versions SQL-Ledger version 2.8.24

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the delete subroutine, specifically via the id and possibly the db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.

Recommendations For SQL-Ledger version 2.8.24, as a temporary workaround, consider restricting access to the delete subroutine until a patch is available. Avoid using the id and db parameters in the affected Delete action to minimize the risk of exploitation.