vendor: LedgerSMB, SQL-Ledger
by:
CVSS: 7.5 (HIGH)
CWE: Local File Include, Authentication Bypass
Product Name: LedgerSMB, SQL-Ledger
Affected Version From: LedgerSMB prior to 1.1.10, SQL-Ledger prior to 2.6.27
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Local File Include and Authentication Bypass Vulnerabilities in LedgerSMB/SQL-Ledger

The LedgerSMB/SQL-Ledger application fails to sufficiently sanitize user-supplied input, leading to a local file-include vulnerability. Additionally, SQL-Ledger is prone to an authentication-bypass vulnerability. An attacker can exploit these vulnerabilities to view files, execute arbitrary local scripts within the webserver context, and potentially gain unauthorized access to the affected application.

Mitigation:

Apply the vendor-provided patches: upgrade LedgerSMB to version 1.1.10 or later and SQL-Ledger to version 2.6.27 or later. Do not use user-supplied input in file paths without proper sanitization.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23034/info

LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerability.

A successful exploit would allow an attacker to view files and execute arbitrary local scripts within the context of the webserver and potentially gain unauthorized access to the affected application.

Note that the authentication-bypass issue affects only SQL-Ledger.

These issues affect LedgerSMB prior to 1.1.10 and SQL-Ledger prior to 2.6.27.

http://www.example.com/sql-ledger/am.pl?login=../../../home/user/foo.pl%00&action=add_department
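
A detection check for the request pattern shown above, added here as an example (it is not part of the original advisory or of either project's code): it scans web access-log lines for a `login` parameter that decodes to a path traversal or a NUL byte. The log lines are constructed, and the allowed login character set, the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Assumption: legitimate login names use only these characters.
SAFE_LOGIN = re.compile(rb"[A-Za-z0-9_@.-]{1,64}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sql-ledger/am.pl?login=alice&action=add_department HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /sql-ledger/am.pl?login=../../../home/user/foo.pl%00&action=add_department HTTP/1.1" 200 87',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /sql-ledger/am.pl?login=%252e%252e%252ftmp%252fx&action=add_department HTTP/1.1" 200 87',
]


def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so nested encodings (%252e) are normalised."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data


def login_findings(url):
    """Return the reasons the login parameter of this URL looks unsafe."""
    reasons = []
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_to_bytes(name) != b"login":
            continue
        value = decode_fully(raw)
        if b"\x00" in value:
            reasons.append("NUL byte")
        if b".." in re.split(rb"[/\\]", value):
            reasons.append("path traversal")
        if not reasons and not SAFE_LOGIN.fullmatch(value):
            reasons.append("outside expected login charset")
    return reasons


def scan(lines):
    """Return (line number, reasons) for each log line with an unsafe login."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = login_findings(match.group(1)) if match else []
        if reasons:
            hits.append((lineno, reasons))
    return hits
```

The same allow-list test on the decoded `login` value can also be applied at a reverse proxy or WAF in front of unpatched installations until the upgrade is done.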