Описание
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-5372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37033
- http://osvdb.org/37865
- http://osvdb.org/37866
- http://secunia.com/advisories/27159
- http://secunia.com/advisories/27171
- http://securityreason.com/securityalert/3209
- http://www.ledgersmb.org/node/54
- http://www.securityfocus.com/archive/1/481866/100/0/threaded
- http://www.securityfocus.com/bid/25979
- http://www.vupen.com/english/advisories/2007/3453
Связанные уязвимости
nvd
около 18 лет назад
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
debian
около 18 лет назад
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...