2 matches found
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities
Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...
CVE-2009-3582
SQL-Ledger 2.8.24 contains multiple SQL injection vulnerabilities in the delete subroutine. Remote authenticated users can execute arbitrary SQL commands via the id and possibly db parameters in a Delete action to the Vendors>Reports>Search output. Affected component: SQL-Ledger code path h...