CVE-2007-1923

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

Configurations

Configuration 1

OR cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:*

History

02 Feb 2024, 18:26

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | (OSVDB) http://osvdb.org/38218 | (OSVDB) http://osvdb.org/38218 - Broken Link |
| References | (BID) http://www.securityfocus.com/bid/23352 | (BID) http://www.securityfocus.com/bid/23352 - Broken Link, Third Party Advisory, VDB Entry |
| References | (OSVDB) http://osvdb.org/38217 | (OSVDB) http://osvdb.org/38217 - Broken Link |
| References | (BUGTRAQ) http://www.securityfocus.com/archive/1/464880/100/0/threaded | (BUGTRAQ) http://www.securityfocus.com/archive/1/464880/100/0/threaded - Third Party Advisory, VDB Entry |
| References | (MISC) https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog | (MISC) https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog - Release Notes |
| References | (SREASON) http://securityreason.com/securityalert/2552 | (SREASON) http://securityreason.com/securityalert/2552 - Third Party Advisory |
| References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 - Third Party Advisory, VDB Entry |
| CPE | cpe:2.3:a:dws_systems_inc.:sql-ledger:*:*:*:*:*:*:*:* | cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:* |
| First Time | | Sql-ledger sql-ledger, Sql-ledger |

25 Sep 2023, 05:15

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Summary | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0. |
| References | | (MISC) https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog |

Information

Published : 2007-04-10 23:19

Updated : 2024-02-28 11:01


NVD link : CVE-2007-1923

Mitre link : CVE-2007-1923

CVE.ORG link : CVE-2007-1923



Products Affected

ledgersmb

  • ledgersmb

sql-ledger

  • sql-ledger