CVE-2007-1540
Directory traversal vulnerability in am.pl in 1 SQL-Ledger 2.6.27 and earlier, and 2 LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence and trailing NULL %00 in the login parameter. NOTE: this issue was reportedly...