返回 CVE 瀏覽器

CVE-2007-3907

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1820%

EPSS Percentile5.80th

Published2007年7月19日

Last Modified2026年4月23日

Vulnerability Description

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

Affected Platforms (CPE)

📦

Ledgersmb

Ledgersmb

= 1.2.0

📦

Ledgersmb

Ledgersmb

= 1.2.1

📦

Ledgersmb

Ledgersmb

= 1.2.2

📦

Ledgersmb

Ledgersmb

= 1.2.3

📦

Ledgersmb

Ledgersmb

= 1.2.4

📦

Ledgersmb

Ledgersmb

= 1.2.5

📦

Ledgersmb

Ledgersmb

= 1.2.6

References & Advisories

🔗 http://secunia.com/advisories/26121

🔗 http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965

🔗 http://www.ledgersmb.org/node/52

🔗 http://www.securityfocus.com/archive/1/473987/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/473993/100/0/threaded

🔗 http://www.securityfocus.com/bid/24940

🔗 http://www.vupen.com/english/advisories/2007/2576

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35507

相關漏洞威脅

CVE-2007-132910.0

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitra...

CVE-2007-537210.0

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attack...

CVE-2018-92469.8

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escape...

CVE-2007-14379.0

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and po...