- Description
- Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F7858BB-0570-4E97-BB32-536D30DC4525",
"versionEndIncluding": "1.1.8"
},
{
"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2FBBC0F-B7B2-44BB-9126-FE55DD095273",
"versionEndIncluding": "2.6.27"
}
],
"operator": "OR"
}
]
}
]