
CVE-2006-4244

CVSS Severity Score: 7.5 (HIGH)
EPSS Score: 0.1800%
EPSS Percentile: 30.93th
Published: Aug 31, 2006
Last Modified: Apr 16, 2026

Vulnerability Description

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Affected Platforms (CPE)

Sql Ledger / Sql Ledger = 2.4.4
Sql Ledger / Sql Ledger = 2.4.5
Sql Ledger / Sql Ledger = 2.4.6
Sql Ledger / Sql Ledger = 2.4.7
Sql Ledger / Sql Ledger = 2.4.8
Sql Ledger / Sql Ledger = 2.4.9
Sql Ledger / Sql Ledger = 2.4.10
Sql Ledger / Sql Ledger = 2.4.11
Sql Ledger / Sql Ledger = 2.4.12
Sql Ledger / Sql Ledger = 2.4.13
Sql Ledger / Sql Ledger = 2.4.14
Sql Ledger / Sql Ledger = 2.4.15
Sql Ledger / Sql Ledger = 2.4.16
Sql Ledger / Sql Ledger = 2.6.0
Sql Ledger / Sql Ledger = 2.6.1
Sql Ledger / Sql Ledger = 2.6.2
Sql Ledger / Sql Ledger = 2.6.3
Sql Ledger / Sql Ledger = 2.6.4
Sql Ledger / Sql Ledger = 2.6.5
Sql Ledger / Sql Ledger = 2.6.6
Sql Ledger / Sql Ledger = 2.6.7
Sql Ledger / Sql Ledger = 2.6.8
Sql Ledger / Sql Ledger = 2.6.9
Sql Ledger / Sql Ledger = 2.6.10
Sql Ledger / Sql Ledger = 2.6.11
Sql Ledger / Sql Ledger = 2.6.12
Sql Ledger / Sql Ledger = 2.6.13
Sql Ledger / Sql Ledger = 2.6.14
Sql Ledger / Sql Ledger = 2.6.15
Sql Ledger / Sql Ledger = 2.6.16
Sql Ledger / Sql Ledger = 2.6.17
