(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
References
Link | Resource |
---|---|
http://osvdb.org/38217 | Broken Link |
http://osvdb.org/38218 | Broken Link |
http://securityreason.com/securityalert/2552 | Third Party Advisory |
http://www.securityfocus.com/archive/1/464880/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/23352 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 | Third Party Advisory VDB Entry |
https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog | Release Notes |
http://osvdb.org/38217 | Broken Link |
http://osvdb.org/38218 | Broken Link |
http://securityreason.com/securityalert/2552 | Third Party Advisory |
http://www.securityfocus.com/archive/1/464880/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/23352 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 | Third Party Advisory VDB Entry |
https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog | Release Notes |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/38217 - Broken Link | |
References | () http://osvdb.org/38218 - Broken Link | |
References | () http://securityreason.com/securityalert/2552 - Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/464880/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/23352 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 - Third Party Advisory, VDB Entry | |
References | () https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog - Release Notes |
02 Feb 2024, 18:26
Type | Values Removed | Values Added |
---|---|---|
References | (OSVDB) http://osvdb.org/38218 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/23352 - Broken Link, Third Party Advisory, VDB Entry | |
References | (OSVDB) http://osvdb.org/38217 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/464880/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (MISC) https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog - Release Notes | |
References | (SREASON) http://securityreason.com/securityalert/2552 - Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/33494 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:* | |
First Time |
Sql-ledger sql-ledger
Sql-ledger |
25 Sep 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0. | |
References |
|
Information
Published : 2007-04-10 23:19
Updated : 2024-11-21 00:29
NVD link : CVE-2007-1923
Mitre link : CVE-2007-1923
CVE.ORG link : CVE-2007-1923
JSON object : View
Products Affected
sql-ledger
- sql-ledger
ledgersmb
- ledgersmb
CWE