FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sql-ledger -- multiple vulnerabilities

Affected packages
sql-ledger < 2.6.22


VuXML ID 0679deeb-8eaf-11db-abc9-0003476f14d3
Discovery 2006-12-17
Entry 2006-12-18

The Debian security Team reports:

Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

Chris Travers discovered that the session management can be tricked into hijacking existing sessions.

Chris Travers discovered that directory traversal vulnerabilities can be exploited to execute arbitrary Perl code.

It was discovered that missing input sanitising allows execution of arbitrary Perl code.


CVE Name CVE-2006-4244
CVE Name CVE-2006-4731
CVE Name CVE-2006-5872