Seneca Cunningham

**Name of the Vulnerable Software and Affected Versions** LedgerSMB versions prior to 1.2.15 SQL-Ledger versions prior to 2.8.18 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This is a SQL injection vulnerability in the AR/AP transaction report. **Recommendations** For LedgerSMB versions prior to 1.2.15, update to version 1.2.15 or later. For SQL-Ledger versions prior to 2.8.18, update to version 2.8.18 or later.