Ledgersmb Security Vulnerabilities and Issues — Ledgersmb CVE List

Lucene search

LedgersmbLedgersmb

4 matches found

CVE•added 2021/08/23 1:15 p.m.•68 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS9AI score0.01759EPSS

CVE•added 2021/08/23 1:15 p.m.•55 views

CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS8.8AI score0.00625EPSS

CVE•added 2007/03/13 7:19 p.m.•40 views

CVE-2007-1437

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

9CVSS6.8AI score0.00727EPSS

CVE•added 2018/06/08 1:29 a.m.•31 views

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerabi...

9.8CVSS9.7AI score0.01022EPSS