CVE-2007-1541

Name of the Vulnerable Software and Affected Versions SQL-Ledger version 2.6.27

Description The issue allows remote attackers to bypass authentication and run arbitrary executables due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) sequence in the login parameter, exploiting the insufficient protection against directory traversal attacks, which only checks for the presence of a NULL (%00) character.

Recommendations For SQL-Ledger version 2.6.27, consider restricting access to the am.pl script until a patch is available, and avoid using the login parameter with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.