CRITICAL🇬🇧 English

CVE-2018-9246

CVSS 9.8v3.0pub. 2018-06-08upd. 2024-11-21

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ledgersmb

    APP
    Ledgersmb
    1.5.0 – 1.5.21
  • Pgobject Util Dbadmin Project Pgobject Util Dbadmin

    APP
    Pgobject-Util-Dbadmin Project
    < 0.120.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-23831HIGH7.5ten sam produkt

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...

CVE-2021-3693HIGH8.8ten sam produkt

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...

CVE-2021-3694HIGH8.2ten sam produkt

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...

CVE-2008-4077HIGH7.8ten sam produkt

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attac...

CVE-2007-5372HIGH10.0ten sam produkt

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x...