
Sql Ledger

sql-ledger

Vendor: Dws Systems Inc. • 4 CVEs

CVEs (4)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (2): Dws Systems Inc., Ledgersmb
Products (2): Ledgersmb, Sql Ledger
Updated: Apr 23, 2026
Published: Oct 11, 2007
CVSS: N/A (v4), N/A (v3), 10.0 HIGH (v2)
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

Vendors (1): Dws Systems Inc.
Products (1): Sql Ledger
Updated: Apr 23, 2026
Published: Dec 18, 2006
CVSS: N/A (v4), N/A (v3), 7.5 HIGH (v2)
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

Vendors (1): Dws Systems Inc.
Products (1): Sql Ledger
Updated: Apr 16, 2026
Published: Sep 14, 2006
CVSS: N/A (v4), N/A (v3), 5.0 MEDIUM (v2)
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.

Vendors (2): Dws Systems Inc., Ledgersmb
Products (2): Ledgersmb, Sql Ledger
Updated: Apr 16, 2026
Published: Sep 13, 2006
CVSS: N/A (v4), N/A (v3), 5.0 MEDIUM (v2)
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).