CVE-2006-4731

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21824	Patch Vendor Advisory
http://secunia.com/advisories/21886	Patch Vendor Advisory
http://securityreason.com/securityalert/1553
http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778	Patch
http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69
http://www.securityfocus.com/archive/1/445817/100/0/threaded
http://www.securityfocus.com/bid/19960
http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New
http://www.vupen.com/english/advisories/2006/3554
http://www.vupen.com/english/advisories/2006/3555
https://exchange.xforce.ibmcloud.com/vulnerabilities/28885

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:::::::*
	cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:::::::*
	cpe:2.3:a:ledgersmb:ledgersmb::::::::

History

No history.

Information

Published : 2006-09-13 00:07

Updated : 2024-02-04 16:52

NVD link : CVE-2006-4731

Mitre link : CVE-2006-4731

CVE.ORG link : CVE-2006-4731

JSON object : View

Products Affected

ledgersmb

ledgersmb

dws_systems_inc.

sql-ledger

CWE

NVD-CWE-Other

5.0 /10