LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Max CVSS
9.6
EPSS Score
2.48%
Published
2021-08-23
Updated
2021-08-27
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Max CVSS
9.6
EPSS Score
2.26%
Published
2021-08-23
Updated
2021-08-27
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-06-08
Updated
2018-08-01
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
Max CVSS
10.0
EPSS Score
6.37%
Published
2007-03-07
Updated
2018-10-16
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
Max CVSS
6.5
EPSS Score
1.04%
Published
2007-02-02
Updated
2018-10-16
5 vulnerabilities found