CVE-2007-1437

Properties

Published: 12.03.2007
Updated: 14.03.2007
Patch available:
Severity: Medium
CVSS vector: (AV:R/AC:L/Au:R/C:C/I:C/A:C/B:N)
Product:
SQL-Ledger: SQL-Ledger
LedgerSMB: LedgerSMB

Vulnerability description

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/461944/100/100/threaded
SECUNIA: http://secunia.com/advisories/24363
SECUNIA: http://secunia.com/advisories/24366