CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:50

Type Values Removed Values Added
References () http://secunia.com/advisories/31843 - Patch, Vendor Advisory () http://secunia.com/advisories/31843 - Patch, Vendor Advisory
References () http://securityreason.com/securityalert/4250 - Third Party Advisory () http://securityreason.com/securityalert/4250 - Third Party Advisory
References () http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 - Product () http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 - Product
References () http://www.securityfocus.com/archive/1/496181/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/496181/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/31109 - Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/31109 - Patch, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 - Third Party Advisory, VDB Entry

09 Feb 2024, 20:08

Type Values Removed Values Added
References (BUGTRAQ) http://www.securityfocus.com/archive/1/496181/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/496181/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/31109 - Patch (BID) http://www.securityfocus.com/bid/31109 - Patch, Third Party Advisory, VDB Entry
References (SREASON) http://securityreason.com/securityalert/4250 - (SREASON) http://securityreason.com/securityalert/4250 - Third Party Advisory
References (CONFIRM) http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 - (CONFIRM) http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 - Product
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.11:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.26:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:*:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.24:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.16:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.22:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.27:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.14:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.23:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.20:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.13:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.15:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.27:*:*:*:*:*:*:*

Information

Published : 2008-09-15 15:14

Updated : 2024-11-21 00:50


NVD link : CVE-2008-4078

Mitre link : CVE-2008-4078

CVE.ORG link : CVE-2008-4078


JSON object : View

Products Affected

sql-ledger

  • sql-ledger

ledgersmb

  • ledgersmb
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')