CVE-2007-1540
Published 2007-03-20
Priority P4 · 30 · medium · CVSS 2.0 base score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploit: EPSS 4.94% (91.1st percentile)
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
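The description names the two ingredients of the bug: a `..` sequence to walk out of the expected directory, and a trailing `%00` so that whatever the application appends after the login value (a file suffix, typically) is cut off when the string reaches a C-level open() that stops at the first NUL byte. The example below is added here and is not code from SQL-Ledger, LedgerSMB, or the advisory. It assumes the vulnerable handler appends a fixed suffix to the untrusted `login` value and uses the result as a path; the users directory (`/var/www/sql-ledger/users`) and the suffix (`.conf`) are hypothetical, and the access-log lines are constructed. It models the pre-fix path resolution, a hardened replacement, and a check a defender can run over web logs for the attack shape. Python refuses paths with an embedded NUL, so the C-string truncation is emulated explicitly.

```python
"""Added example (not code from SQL-Ledger, LedgerSMB, or the advisory).

Models the login-parameter traversal described for am.pl and a hardened
replacement, plus a log check for the attack shape. Assumptions, not taken
from the advisory: the vulnerable handler appends a fixed suffix to the
untrusted login value and hands the result to a C-level open(), which stops
at the first NUL byte; the users directory and suffix below are hypothetical.
Python itself refuses paths with embedded NUL (ValueError), so that C-string
truncation is emulated explicitly rather than exercised for real.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

USERS_DIR = "/var/www/sql-ledger/users"   # hypothetical install path
CONF_SUFFIX = ".conf"                      # hypothetical per-user file suffix


def resolve_vulnerable(login: str) -> str:
    """Pre-fix shape: traversal is not filtered and a trailing %00 drops the suffix."""
    raw = f"{USERS_DIR}/{unquote(login)}{CONF_SUFFIX}"
    truncated = raw.split("\x00", 1)[0]   # emulates C open() stopping at NUL
    return posixpath.normpath(truncated)


# One path component only: no '/', no NUL, no leading dot, bounded length.
LOGIN_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def is_valid_login(login: str) -> bool:
    """Whitelist check on the decoded value; traversal needs a '/' and cannot pass."""
    return LOGIN_RE.fullmatch(unquote(login)) is not None


def resolve_hardened(login: str) -> str:
    """Fixed shape: whitelist first, then verify the final path stays in USERS_DIR."""
    if not is_valid_login(login):
        raise ValueError("invalid login name")
    path = posixpath.normpath(f"{USERS_DIR}/{unquote(login)}{CONF_SUFFIX}")
    if posixpath.commonpath([USERS_DIR, path]) != USERS_DIR:   # defence in depth
        raise ValueError("path escapes users directory")
    return path


# Attack indicators after URL decoding: a traversal step, or an encoded/raw NUL.
SUSPICIOUS = re.compile(r"\.\./|%2e%2e|%00|\x00", re.IGNORECASE)


def flag_request(request_line: str) -> bool:
    """True when a request targets am.pl with a traversal- or NUL-shaped login value."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return False
    parts = urlsplit(target)
    if not parts.path.endswith("/am.pl"):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("login", []):
        # parse_qs decodes once; decoding again catches double-encoded payloads.
        if SUSPICIOUS.search(value) or SUSPICIOUS.search(unquote(value)):
            return True
    return False


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Mar/2007:10:00:00 +0000] "GET /sql-ledger/am.pl?action=login&login=admin&password=x HTTP/1.1" 200 512',
    '203.0.113.9 - - [20/Mar/2007:10:00:01 +0000] "GET /sql-ledger/am.pl?action=login&login=../../../../tmp/evil%00&password=x HTTP/1.1" 200 512',
    '203.0.113.9 - - [20/Mar/2007:10:00:02 +0000] "GET /sql-ledger/am.pl?action=login&login=%252e%252e%252f%252e%252e%252fetc%252fpasswd%2500&password=x HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Mar/2007:10:00:03 +0000] "GET /sql-ledger/login.pl?login=%2e%2e%2f HTTP/1.1" 200 512',
]


def scan_log(lines):
    """Return the log lines whose quoted request line trips flag_request()."""
    hits = []
    for line in lines:
        match = re.search(r'"([^"]*)"', line)
        if match and flag_request(match.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(resolve_vulnerable("../../../../tmp/evil%00"))   # /tmp/evil
    print(resolve_hardened("admin"))
    for hit in scan_log(SAMPLE_LOG):
        print("ALERT:", hit)
```

The whitelist is the real fix: once the login value can only be a single path component, neither the `..` nor the `%00` has anything to act on, and the `commonpath` check only guards against a future change that relaxes the regex. On the detection side the check is deliberately scoped to `am.pl`, the file named in the advisory; widening the path filter to every `.pl` endpoint is a one-line change if you want to catch probing against other scripts. Note that modern Perl (5.20 and later) warns about embedded NUL in pathnames, so reproducing the truncation on a current interpreter will not behave the way it did on 2007-era systems.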
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sql-ledger | < 2.8.14-1 (bookworm) | 2.8.14-1 (bookworm) |
| ledgersmb | ledgersmb | <= 1.1.8 | — |
| sql-ledger | sql-ledger | <= 2.6.27 | — |
| sql-ledger | sql-ledger | >= 0, < 2.8.14-1 | 2.8.14-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | LOW | |
Debian
CVE-2007-1540: sql-ledger · vendor_debian · 2007 · CVSS 4.3 · MEDIUM
Description: identical to the NVD text above.
Scope: local
bookworm: resolved (fixed in 2.8.14-1)
bullseye: resolved (fixed in 2.8.14-1)
forky: resolved (fixed in 2.8.14-1)
sid: resolved (fixed in 2.8.14-1)
trixie: resolved (fixed in 2.8.14-1)
GHSA
GHSA-6r5q-24m9-x8j7 · ghsa_unreviewed · 2022-05-01 · MEDIUM
Description: identical to the NVD text above.
OSV
CVE-2007-1540 · osv · 2007-03-20 · CVSS 4.3 · MEDIUM
Description: identical to the NVD text above.
No detection rules found.
No writeups or analysis indexed.
References
http://secunia.com/advisories/24560
http://secunia.com/advisories/24585
http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965
http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New
http://www.osvdb.org/33624
http://www.securityfocus.com/archive/1/463175/100/0/threaded
http://www.securityfocus.com/bid/23034
http://www.vupen.com/english/advisories/2007/1024
http://www.vupen.com/english/advisories/2007/1025