LedgerSMB Form.pm Unspecified SQL Injection

2006-10-25T08:03:44
ID OSVDB:30058
Type osvdb
Reporter OSVDB
Modified 2006-10-25T08:03:44

Description

Solution Description

Upgrade to version 1.2 Technical Preview 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.ledgersmb.org/ Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=456803 Secunia Advisory ID:22483 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0102.html FrSIRT Advisory: ADV-2006-4209 CVE-2006-5589 Bugtraq ID: 20749