HIGH🇬🇧 English

CVE-2007-5372

CVSS 10.0v2.0pub. 2007-10-11upd. 2026-04-23

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Dws Systems Inc. Sql Ledger

    APP
    Dws Systems Inc.
    2.2.02.2.12.2.22.2.32.2.42.2.52.2.62.2.72.4.02.4.12.4.102.4.112.4.122.4.132.4.14+ 29 więcej
  • Ledgersmb

    APP
    Ledgersmb
    1.0.01.1.01.1.11.1.51.1.81.2.01.2.11.2.21.2.31.2.41.2.51.2.61.2.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2018-9246CRITICAL9.8ten sam produkt

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...

CVE-2024-23831HIGH7.5ten sam produkt

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...

CVE-2021-3693HIGH8.8ten sam produkt

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...

CVE-2021-3694HIGH8.2ten sam produkt

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...

CVE-2008-4077HIGH7.8ten sam produkt

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attac...