Description
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
References
- https://nvd.nist.gov/vuln/detail/CVE-2007-3907
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35507
- http://secunia.com/advisories/26121
- http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
- http://www.ledgersmb.org/node/52
- http://www.securityfocus.com/archive/1/473987/100/0/threaded
- http://www.securityfocus.com/archive/1/473993/100/0/threaded
- http://www.securityfocus.com/bid/24940
- http://www.vupen.com/english/advisories/2007/2576