Chris Travers

**Name of the Vulnerable Software and Affected Versions** LedgerSMB versions prior to 1.2.15 SQL-Ledger versions 2.8.17 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. This can be achieved by sending a request to the CGI scripts. **Recommendations** For LedgerSMB versions prior to 1.2.15, update to version 1.2.15 or later to resolve the issue. For SQL-Ledger versions 2.8.17 and earlier, consider disabling the CGI scripts as a temporary workaround until a patch is available. Restrict access to the CGI scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LedgerSMB versions prior to 1.3.0 DWS Systems SQL-Ledger (affected versions not specified) **Description** The issue allows remote attackers to access restricted functionality via direct requests, as access control lists are implemented by changing the set of URLs linked from menus. **Recommendations** For LedgerSMB versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. For DWS Systems SQL-Ledger, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LedgerSMB versions prior to 1.1.5 SQL-Ledger versions prior to 2.6.25 **Description** The issue allows remote attackers to overwrite files and possibly bypass authentication. Additionally, remote authenticated users can execute unauthorized code by calling a custom error function that returns from execution. **Recommendations** For LedgerSMB versions prior to 1.1.5, update to version 1.1.5 or later. For SQL-Ledger versions prior to 2.6.25, update to version 2.6.25 or later.

**Name of the Vulnerable Software and Affected Versions** LedgerSMB versions prior to 1.1.5 SQL-Ledger (affected versions not specified) **Description** The issue is related to the redirect function in Form.pm, which allows remote authenticated users to execute arbitrary code via redirects. This is related to callbacks. **Recommendations** For LedgerSMB versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. For SQL-Ledger, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SQL-Ledger versions prior to 2.4.4 **Description** The issue allows context-dependent attackers to potentially obtain a password via a Referer field or browser history because the password is stored in a query string. **Recommendations** For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SQL-Ledger versions prior to 2.6.19 LedgerSMB versions prior to 1.0.0p1 **Description** The issue allows remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash) in the login.pl and admin.pl files. **Recommendations** For SQL-Ledger versions prior to 2.6.19, update to version 2.6.19 or later. For LedgerSMB versions prior to 1.0.0p1, update to version 1.0.0p1 or later.

**Name of the Vulnerable Software and Affected Versions** SQL-Ledger versions 2.4.4 through 2.6.17 **Description** The issue allows remote attackers to gain access as any logged-in user. This is achieved by setting the `sql-ledger-[username]` cookie and the `sessionid` parameter to the same value, thereby bypassing user authentication. **Recommendations** For SQL-Ledger versions 2.4.4 through 2.6.17, as a temporary workaround, consider implementing additional authentication measures to verify user sessions, such as validating the `sessionid` parameter against a server-side stored value to prevent tampering. Restrict access to sensitive areas of the application until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.