1. CVE-Search
  2. CVE-2007-1436
ID CVE-2007-1436
Summary Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring. This vulnerability is addressed in the following product updates: SQL-Ledger, 2.6.26 LedgerSMB, 1.1.9
References
Vulnerable Configurations
  • cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ledgersmb:ledgersmb:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*
    cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*
    cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 22889
bugtraq 20070309 Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)
confirm http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965
osvdb
  • 33622
  • 33623
secunia
  • 24467
  • 24496
sreason 2436
Last major update 16-10-2018 - 16:38
Published 13-03-2007 - 19:19
Last modified 16-10-2018 - 16:38
Back to Top