Richard Patterson

**Name of the Vulnerable Software and Affected Versions** SQL-Ledger versions prior to 2.6.19 LedgerSMB versions prior to 1.0.0p1 **Description** The issue allows remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash) in the login.pl and admin.pl files. **Recommendations** For SQL-Ledger versions prior to 2.6.19, update to version 2.6.19 or later. For LedgerSMB versions prior to 1.0.0p1, update to version 1.0.0p1 or later.