Sql-ledger » Sql-ledger : Security Vulnerabilities, CVEs, Published In 2006
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
Max CVSS
7.5
EPSS Score
3.42%
Published
2006-08-31
Updated
2018-10-17
1 vulnerabilities found