CVE-2006-4244

2006-08-30T21:04:00
ID CVE-2006-4244
Type cve
Reporter NVD
Modified 2018-10-17T17:34:05

Description

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.