Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
AV:N/AC:L/Au:N/C:C/I:C/A:CDws Systems Inc. Sql Ledger
APPDws Systems Inc.2.2.02.2.12.2.22.2.32.2.42.2.52.2.62.2.72.4.02.4.12.4.102.4.112.4.122.4.132.4.14+ 29 więcejLedgersmb
APPLedgersmb1.0.01.1.01.1.11.1.51.1.81.2.01.2.11.2.21.2.31.2.41.2.51.2.61.2.7
Related vulnerabilities
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently...
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an a...
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially cr...
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted...
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attac...