Lucene search

[email protected]CVE-2007-1541

HistoryMar 20, 2007 - 10:19 p.m.

CVE-2007-1541

2007-03-2022:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1541

directory traversal

sql-ledger

remote attack

authentication bypass

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a … (dot dot) sequence in the login parameter.

CPENameOperatorVersion
sql-ledger:sql-ledgersql-ledgereq2.6.27

CPE	Name	Operator	Version
sql-ledger:sql-ledger	sql-ledger	eq	2.6.27

References

secunia.com/advisories/24560

sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New

www.securityfocus.com/archive/1/463175/100/0/threaded

www.securityfocus.com/bid/23034

www.vupen.com/english/advisories/2007/1025

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for CVE-2007-1541

prion1 ubuntucve1 debiancve1 securityvulns1