header-logo
Suggest Exploit
vendor:
SQL-Ledger and LedgerSMB
by:
SecurityFocus
7.5
CVSS
HIGH
Directory-Traversal
22
CWE
Product Name: SQL-Ledger and LedgerSMB
Affected Version From: SQL-Ledger version 2.6.18
Affected Version To: LedgerSMB version 1.0.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

SQL-Ledger and LedgerSMB Remote Directory-Traversal Vulnerability

An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able to use the application's built-in text editor to alter a local file and exploit this issue to execute arbitrary code. This may facilitate a compromise of the vulnerable computer.

Mitigation:

Ensure that the application is not vulnerable to directory traversal attacks by validating user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19960/info

SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability.

An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. 

The attacker may be able to use the application's built-in text editor to alter a local file and exploit this issue to execute arbitrary code. This may facilitate a compromise of the vulnerable computer.

SQL-Ledger version 2.6.18 and LedgerSMB version 1.0.0 are vulnerable to this issue.

http://www.example.com/path/login.pl?terminal=../css

Navigation

Suggest Exploit

Services By CQR