Vulnerability Details : CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
Products affected by CVE-2007-1923
- cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:*
- cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1923
- EPSS score: 0.97% (probability of exploitation activity in the next 30 days)
- Percentile: ~75% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-1923
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2007-1923
- http://osvdb.org/38218 [Broken Link]
- http://securityreason.com/securityalert/2552 "ACLS ineffective in SQL-Ledger and LedgerSMB - CXSecurity.com" [Third Party Advisory]
- https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog "LedgerSMB/Changelog at master · ledgersmb/LedgerSMB · GitHub" [Release Notes]
- http://www.securityfocus.com/archive/1/464880/100/0/threaded [Third Party Advisory; VDB Entry]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 "SQL-Ledger and LedgerSMB access control list weak security CVE-2007-1923 Vulnerability Report" [Third Party Advisory; VDB Entry]
- http://www.securityfocus.com/bid/23352 [Broken Link; Third Party Advisory; VDB Entry]
- http://osvdb.org/38217 [Broken Link]