CVE-2007-0667

Published: Feb 2, 2007Modified: Apr 23, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

Affected (7)

Products: Ledgersmb: Ledgersmb · Sql Ledger: Sql Ledger

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ledgersmb Ledgersmb	Up to 1.1.1
Sql Ledger Sql Ledger	Version 2.4.7
Sql Ledger Sql Ledger	Version 2.6.17
Sql Ledger Sql Ledger	Version 2.6.18
Sql Ledger Sql Ledger	Version 2.6.19
Sql Ledger Sql Ledger	Version 2.6.21
Sql Ledger Sql Ledger	Version 2.6.25

References (10)

http://securityreason.com/securityalert/2217

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/458464/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/459264/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/22295

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0407

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/2217

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/458464/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/459264/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22295

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0407

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.