Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4078

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-4078
Last Modified 29 Jan 2009 01:55:23
Published 15 Sep 2008 11:14:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-4078

Summary

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Systems

Application

  • Dws Systems Inc. Sql-ledger

  • Dws Systems Inc. Sql-ledger 2.2.0

  • Dws Systems Inc. Sql-ledger 2.2.1

  • Dws Systems Inc. Sql-ledger 2.2.2

  • Dws Systems Inc. Sql-ledger 2.2.3

  • Dws Systems Inc. Sql-ledger 2.2.4

  • Dws Systems Inc. Sql-ledger 2.2.5

  • Dws Systems Inc. Sql-ledger 2.2.6

  • Dws Systems Inc. Sql-ledger 2.2.7

  • Dws Systems Inc. Sql-ledger 2.4.0

  • Dws Systems Inc. Sql-ledger 2.4.1

  • Dws Systems Inc. Sql-ledger 2.4.10

  • Dws Systems Inc. Sql-ledger 2.4.11

  • Dws Systems Inc. Sql-ledger 2.4.12

  • Dws Systems Inc. Sql-ledger 2.4.13

  • Dws Systems Inc. Sql-ledger 2.4.14

  • Dws Systems Inc. Sql-ledger 2.4.15

  • Dws Systems Inc. Sql-ledger 2.4.16

  • Dws Systems Inc. Sql-ledger 2.4.2

  • Dws Systems Inc. Sql-ledger 2.4.3

  • Dws Systems Inc. Sql-ledger 2.4.4

  • Dws Systems Inc. Sql-ledger 2.4.5

  • Dws Systems Inc. Sql-ledger 2.4.6

  • Dws Systems Inc. Sql-ledger 2.4.7

  • Dws Systems Inc. Sql-ledger 2.4.8

  • Dws Systems Inc. Sql-ledger 2.4.9

  • Dws Systems Inc. Sql-ledger 2.6.1

  • Dws Systems Inc. Sql-ledger 2.6.10

  • Dws Systems Inc. Sql-ledger 2.6.11

  • Dws Systems Inc. Sql-ledger 2.6.12

  • Dws Systems Inc. Sql-ledger 2.6.13

  • Dws Systems Inc. Sql-ledger 2.6.14

  • Dws Systems Inc. Sql-ledger 2.6.15

  • Dws Systems Inc. Sql-ledger 2.6.16

  • Dws Systems Inc. Sql-ledger 2.6.17

  • Dws Systems Inc. Sql-ledger 2.6.18

  • Dws Systems Inc. Sql-ledger 2.6.2

  • Dws Systems Inc. Sql-ledger 2.6.27

  • Dws Systems Inc. Sql-ledger 2.6.3

  • Dws Systems Inc. Sql-ledger 2.6.4

  • Dws Systems Inc. Sql-ledger 2.6.5

  • Dws Systems Inc. Sql-ledger 2.6.6

  • Dws Systems Inc. Sql-ledger 2.6.7

  • Dws Systems Inc. Sql-ledger 2.6.8

  • Dws Systems Inc. Sql-ledger 2.6.9

  • Ledgersmb

  • Ledgersmb 1.0.0

  • Ledgersmb 1.1.0

  • Ledgersmb 1.1.1

  • Ledgersmb 1.1.5

  • Ledgersmb 1.1.8

  • Ledgersmb 1.2.0

  • Ledgersmb 1.2.1

  • Ledgersmb 1.2.10

  • Ledgersmb 1.2.11

  • Ledgersmb 1.2.12

  • Ledgersmb 1.2.13

  • Ledgersmb 1.2.14

  • Ledgersmb 1.2.2

  • Ledgersmb 1.2.3

  • Ledgersmb 1.2.4

  • Ledgersmb 1.2.5

  • Ledgersmb 1.2.6

  • Ledgersmb 1.2.7

  • Ledgersmb 1.2.8

  • Ledgersmb 1.2.9

  • Sql-ledger

  • Sql-ledger 2.4.10

  • Sql-ledger 2.4.11

  • Sql-ledger 2.4.12

  • Sql-ledger 2.4.13

  • Sql-ledger 2.4.14

  • Sql-ledger 2.4.15

  • Sql-ledger 2.4.16

  • Sql-ledger 2.4.4

  • Sql-ledger 2.4.5

  • Sql-ledger 2.4.6

  • Sql-ledger 2.4.7

  • Sql-ledger 2.4.8

  • Sql-ledger 2.4.9

  • Sql-ledger 2.6.0

  • Sql-ledger 2.6.1

  • Sql-ledger 2.6.10

  • Sql-ledger 2.6.11

  • Sql-ledger 2.6.12

  • Sql-ledger 2.6.13

  • Sql-ledger 2.6.14

  • Sql-ledger 2.6.15

  • Sql-ledger 2.6.16

  • Sql-ledger 2.6.17

  • Sql-ledger 2.6.18

  • Sql-ledger 2.6.19

  • Sql-ledger 2.6.2

  • Sql-ledger 2.6.20

  • Sql-ledger 2.6.21

  • Sql-ledger 2.6.22

  • Sql-ledger 2.6.23

  • Sql-ledger 2.6.24

  • Sql-ledger 2.6.25

  • Sql-ledger 2.6.26

  • Sql-ledger 2.6.27

  • Sql-ledger 2.6.3

  • Sql-ledger 2.6.4

  • Sql-ledger 2.6.5

  • Sql-ledger 2.6.6

  • Sql-ledger 2.6.7

  • Sql-ledger 2.6.8

  • Sql-ledger 2.6.9

  • Sql-ledger 2.8.0

  • Sql-ledger 2.8.1

  • Sql-ledger 2.8.10

  • Sql-ledger 2.8.11

  • Sql-ledger 2.8.12

  • Sql-ledger 2.8.13

  • Sql-ledger 2.8.14

  • Sql-ledger 2.8.15

  • Sql-ledger 2.8.16

  • Sql-ledger 2.8.17

  • Sql-ledger 2.8.2

  • Sql-ledger 2.8.3

  • Sql-ledger 2.8.4

  • Sql-ledger 2.8.5

  • Sql-ledger 2.8.6

  • Sql-ledger 2.8.7

  • Sql-ledger 2.8.8

  • Sql-ledger 2.8.9


References

BID - 31109

SECUNIA - 31843

XF - ledgersmb-aptransactionreport-sql-injection(45034)

BUGTRAQ - 20080910 Multiple Vulnerabilities: LedgerSMB < 1.2.15

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978

SREASON - 4250


Last Updated: 27 May 2016 10:48:22