Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
AV:N/AC:L/Au:S/C:C/I:C/A:CLedgersmb
APPLedgersmb1.0.01.1.01.1.1Sql Ledger
APPSql-Ledger≤ 2.6.24
Related vulnerabilities
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative o...