CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-1437

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile12.19th
Published2007年3月13日
Last Modified2026年4月23日

Vulnerability Description

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

Affected Platforms (CPE)

📦
Ledgersmb

Ledgersmb

= 1.0.0
📦
Ledgersmb

Ledgersmb

= 1.1.0
📦
Ledgersmb

Ledgersmb

= 1.1.1
📦
Sql Ledger

Sql Ledger

<= 2.6.24

References & Advisories

🔗 http://secunia.com/advisories/24363
🔗 http://secunia.com/advisories/24366
🔗 http://securityreason.com/securityalert/2435
🔗 http://www.securityfocus.com/archive/1/461944/100/100/threaded
🔗 http://secunia.com/advisories/24363
🔗 http://secunia.com/advisories/24366
🔗 http://securityreason.com/securityalert/2435
🔗 http://www.securityfocus.com/archive/1/461944/100/100/threaded

相关漏洞威胁

CVE-2007-537210.0

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attack...

CVE-2007-390710.0

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perfor...

CVE-2007-132910.0

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitra...

CVE-2018-92469.8

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escape...