CVE-2007-1923
N/A
N/A
Summary
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://osvdb.org/38218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33494
- http://securityreason.com/securityalert/2552
- http://osvdb.org/38217
- http://www.securityfocus.com/bid/23352
- http://www.securityfocus.com/archive/1/464880/100/0/threaded
- https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog
References
- http://osvdb.org/38218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33494
- http://securityreason.com/securityalert/2552
- http://osvdb.org/38217
- http://www.securityfocus.com/bid/23352
- http://www.securityfocus.com/archive/1/464880/100/0/threaded
- https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.