CVE-2006-4244

CVSS Severity Score: 7.5 (HIGH)
EPSS Score: 0.1800%
EPSS Percentile: 30.93th
Published: August 31, 2006
Last Modified: April 16, 2026

Vulnerability Description

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Affected Platforms (CPE)

Sql Ledger: Sql Ledger = 2.4.4
Sql Ledger: Sql Ledger = 2.4.5
Sql Ledger: Sql Ledger = 2.4.6
Sql Ledger: Sql Ledger = 2.4.7
Sql Ledger: Sql Ledger = 2.4.8
Sql Ledger: Sql Ledger = 2.4.9
Sql Ledger: Sql Ledger = 2.4.10
Sql Ledger: Sql Ledger = 2.4.11
Sql Ledger: Sql Ledger = 2.4.12
Sql Ledger: Sql Ledger = 2.4.13
Sql Ledger: Sql Ledger = 2.4.14
Sql Ledger: Sql Ledger = 2.4.15
Sql Ledger: Sql Ledger = 2.4.16
Sql Ledger: Sql Ledger = 2.6.0
Sql Ledger: Sql Ledger = 2.6.1
Sql Ledger: Sql Ledger = 2.6.2
Sql Ledger: Sql Ledger = 2.6.3
Sql Ledger: Sql Ledger = 2.6.4
Sql Ledger: Sql Ledger = 2.6.5
Sql Ledger: Sql Ledger = 2.6.6
Sql Ledger: Sql Ledger = 2.6.7
Sql Ledger: Sql Ledger = 2.6.8
Sql Ledger: Sql Ledger = 2.6.9
Sql Ledger: Sql Ledger = 2.6.10
Sql Ledger: Sql Ledger = 2.6.11
Sql Ledger: Sql Ledger = 2.6.12
Sql Ledger: Sql Ledger = 2.6.13
Sql Ledger: Sql Ledger = 2.6.14
Sql Ledger: Sql Ledger = 2.6.15
Sql Ledger: Sql Ledger = 2.6.16
Sql Ledger: Sql Ledger = 2.6.17

References & Advisories
