LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - 'Login' Local File Inclusion / Authentication Bypass

EDB-ID:

29761




Platform:

CGI

Date:

2007-03-19


source: https://www.securityfocus.com/bid/23034/info

LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerability.

A successful exploit would allow an attacker to view files and execute arbitrary local scripts within the context of the webserver and potentially gain unauthorized access to the affected application.

Note that the authentication-bypass issue affects only SQL-Ledger.

These issues affect LedgerSMB prior to 1.1.10 and SQL-Ledger prior to 2.6.27.

http://www.example.com/sql-ledger/am.pl?login=../../../home/user/foo.pl%00&action=add_department