PT-2009-5866 · Sql Ledger+1 · Sql-Ledger+1

Published 2009-12-23 · Updated 2018-10-10 · CVE-2009-3583

CVSS v2.0: 5.1 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SQL-Ledger version 2.8.24

Description

A directory traversal issue exists in the Preferences menu item, allowing remote attackers to include and execute arbitrary local files by using a .. (dot dot) in the countrycode field.

Recommendations

For SQL-Ledger version 2.8.24, consider restricting access to the Preferences menu item until a patch is available. As a temporary workaround, avoid using the countrycode field in the affected Preferences menu item to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2009-3583

Affected Products

Debian
Sql-Ledger