CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3907

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1820%
EPSS Percentile5.80th
PublishedJul 19, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

Affected Platforms (CPE)

πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.0
πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.1
πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.2
πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.3
πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.4
πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.5
πŸ“¦
Ledgersmb

Ledgersmb

= 1.2.6

References & Advisories

πŸ”— http://secunia.com/advisories/26121
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
πŸ”— http://www.ledgersmb.org/node/52
πŸ”— http://www.securityfocus.com/archive/1/473987/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/473993/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/24940
πŸ”— http://www.vupen.com/english/advisories/2007/2576
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35507

Related Vulnerabilities

CVE-2007-132910.0

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitra...

CVE-2007-537210.0

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attack...

CVE-2018-92469.8

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escape...

CVE-2007-14379.0

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and po...