| ID |
CVE-2007-1437
|
| Summary |
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.0 (as of 16-10-2018 - 16:38) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
SINGLE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| refmap
via4
|
| bugtraq | 20070305 DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25 | | secunia | | | sreason | 2435 |
|
| Last major update |
16-10-2018 - 16:38 |
| Published |
13-03-2007 - 19:19 |
| Last modified |
16-10-2018 - 16:38 |
