Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
oryginał ENAV:N/AC:L/Au:N/C:P/I:P/A:PLedgersmb
APPLedgersmb1.0.01.1.01.1.11.1.5≤ 1.1.8Sql Ledger
APPSql-Ledger2.4.102.4.112.4.122.4.132.4.142.4.152.4.162.4.42.4.52.4.62.4.72.4.82.4.92.6.02.6.1+ 20 więcej
Powiązane podatności
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative o...