SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Link | Resource |
---|---|
http://secunia.com/advisories/31843 | Patch, Vendor Advisory |
http://securityreason.com/securityalert/4250 | Third Party Advisory |
http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 | Product |
http://www.securityfocus.com/archive/1/496181/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry |
http://www.securityfocus.com/bid/31109 | Patch, Third Party Advisory, VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 | Third Party Advisory, VDB Entry |
History
09 Feb 2024, 20:08
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/496181/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/31109 - Patch, Third Party Advisory, VDB Entry | |
References | (SREASON) http://securityreason.com/securityalert/4250 - Third Party Advisory | |
References | (CONFIRM) http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 - Product | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 - Third Party Advisory, VDB Entry |
Information
Published : 2008-09-15 15:14
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4078
Mitre link : CVE-2008-4078
CVE.ORG link : CVE-2008-4078
Products Affected
ledgersmb
- ledgersmb
sql-ledger
- sql-ledger
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')