HIGH🇬🇧 English

CVE-2007-1923

CVSS 7.5v2.0pub. 2007-04-10upd. 2026-04-23

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Ledgersmb

    APP
    Ledgersmb
    < 1.3.0
  • Sql Ledger

    APP
    Sql-Ledger
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-9246CRITICAL9.8ten sam produkt

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...

CVE-2024-23831HIGH7.5ten sam produkt

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...

CVE-2021-3693HIGH8.8ten sam produkt

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...

CVE-2021-3694HIGH8.2ten sam produkt

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...

CVE-2009-4402HIGH7.5ten sam produkt

The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative o...