ID CVE-2007-1923
Summary (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
References
Vulnerable Configurations
  • cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:ledgersmb:ledgersmb:1.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 02-02-2024 - 18:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 23352
bugtraq 20070406 ACLS ineffective in SQL-Ledger and LedgerSMB
osvdb
  • 38217
  • 38218
sreason 2552
xf sqlledger-acl-weak-security(33494)
Last major update 02-02-2024 - 18:26
Published 10-04-2007 - 23:19
Last modified 02-02-2024 - 18:26