The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
oryginał ENAV:N/AC:L/Au:N/C:N/I:N/A:CLedgersmb
APPLedgersmb< 1.2.15Sql Ledger
APPSql-Ledger≤ 2.8.17
Powiązane podatności
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative o...