Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2007-5372
Last Modified 07 Mar 2011 10:00:35
Published 11 Oct 2007 06:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5372

Summary

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

Vulnerable Systems

Application

  • Dws Systems Inc. Sql-ledger 2.2.0

  • Dws Systems Inc. Sql-ledger 2.2.1

  • Dws Systems Inc. Sql-ledger 2.2.2

  • Dws Systems Inc. Sql-ledger 2.2.3

  • Dws Systems Inc. Sql-ledger 2.2.4

  • Dws Systems Inc. Sql-ledger 2.2.5

  • Dws Systems Inc. Sql-ledger 2.2.6

  • Dws Systems Inc. Sql-ledger 2.2.7

  • Dws Systems Inc. Sql-ledger 2.4.0

  • Dws Systems Inc. Sql-ledger 2.4.1

  • Dws Systems Inc. Sql-ledger 2.4.10

  • Dws Systems Inc. Sql-ledger 2.4.11

  • Dws Systems Inc. Sql-ledger 2.4.12

  • Dws Systems Inc. Sql-ledger 2.4.13

  • Dws Systems Inc. Sql-ledger 2.4.14

  • Dws Systems Inc. Sql-ledger 2.4.15

  • Dws Systems Inc. Sql-ledger 2.4.16

  • Dws Systems Inc. Sql-ledger 2.4.2

  • Dws Systems Inc. Sql-ledger 2.4.3

  • Dws Systems Inc. Sql-ledger 2.4.4

  • Dws Systems Inc. Sql-ledger 2.4.5

  • Dws Systems Inc. Sql-ledger 2.4.6

  • Dws Systems Inc. Sql-ledger 2.4.7

  • Dws Systems Inc. Sql-ledger 2.4.8

  • Dws Systems Inc. Sql-ledger 2.4.9

  • Dws Systems Inc. Sql-ledger 2.6.1

  • Dws Systems Inc. Sql-ledger 2.6.10

  • Dws Systems Inc. Sql-ledger 2.6.11

  • Dws Systems Inc. Sql-ledger 2.6.12

  • Dws Systems Inc. Sql-ledger 2.6.13

  • Dws Systems Inc. Sql-ledger 2.6.14

  • Dws Systems Inc. Sql-ledger 2.6.15

  • Dws Systems Inc. Sql-ledger 2.6.16

  • Dws Systems Inc. Sql-ledger 2.6.17

  • Dws Systems Inc. Sql-ledger 2.6.18

  • Dws Systems Inc. Sql-ledger 2.6.2

  • Dws Systems Inc. Sql-ledger 2.6.27

  • Dws Systems Inc. Sql-ledger 2.6.3

  • Dws Systems Inc. Sql-ledger 2.6.4

  • Dws Systems Inc. Sql-ledger 2.6.5

  • Dws Systems Inc. Sql-ledger 2.6.6

  • Dws Systems Inc. Sql-ledger 2.6.7

  • Dws Systems Inc. Sql-ledger 2.6.8

  • Dws Systems Inc. Sql-ledger 2.6.9

  • Ledgersmb 1.0.0

  • Ledgersmb 1.1.0

  • Ledgersmb 1.1.1

  • Ledgersmb 1.1.5

  • Ledgersmb 1.1.8

  • Ledgersmb 1.2.0

  • Ledgersmb 1.2.1

  • Ledgersmb 1.2.2

  • Ledgersmb 1.2.3

  • Ledgersmb 1.2.4

  • Ledgersmb 1.2.5

  • Ledgersmb 1.2.6

  • Ledgersmb 1.2.7


References

VUPEN - ADV-2007-3453

BUGTRAQ - 20071009 LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues

OSVDB - 37866

OSVDB - 37865

XF - sqlledger-unspecified-sql-injection(37033)

XF - ledgersmb-unspecified-sql-injection(37032)

BID - 25979

CONFIRM - http://www.ledgersmb.org/node/54

SREASON - 3209

SECUNIA - 27171

SECUNIA - 27159


Last Updated: 27 May 2016 10:46:09