CVE-2006-4244

Опубликовано: 31 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.20:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.22:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.23:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.24:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.26:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.6.27:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.5:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.6:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.7:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.8:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.9:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.10:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.11:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.12:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.13:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.14:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.15:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.16:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.17:*:*:*:*:*:*:*

cpe:2.3:a:sql-ledger:sql-ledger:2.8.18:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01337

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2006-4244

ubuntu

около 19 лет назад

CVE-2006-4244

debian

около 19 лет назад

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...

GHSA-v76g-p5xj-4qm7

github

больше 3 лет назад

EPSS

Процентиль: 79%

0.01337

Низкий

7.5 High

CVSS2

Дефекты

CWE-287