CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1437

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile12.19th
PublishedMar 13, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

Affected Platforms (CPE)

πŸ“¦
Ledgersmb

Ledgersmb

= 1.0.0
πŸ“¦
Ledgersmb

Ledgersmb

= 1.1.0
πŸ“¦
Ledgersmb

Ledgersmb

= 1.1.1
πŸ“¦
Sql Ledger

Sql Ledger

<= 2.6.24

References & Advisories

πŸ”— http://secunia.com/advisories/24363
πŸ”— http://secunia.com/advisories/24366
πŸ”— http://securityreason.com/securityalert/2435
πŸ”— http://www.securityfocus.com/archive/1/461944/100/100/threaded
πŸ”— http://secunia.com/advisories/24363
πŸ”— http://secunia.com/advisories/24366
πŸ”— http://securityreason.com/securityalert/2435
πŸ”— http://www.securityfocus.com/archive/1/461944/100/100/threaded

Related Vulnerabilities

CVE-2007-537210.0

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attack...

CVE-2007-390710.0

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perfor...

CVE-2007-132910.0

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitra...

CVE-2018-92469.8

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escape...