Vulnerability Name:

CVE-2007-1540 (CCN-33306)

Assigned:2007-03-17
Published:2007-03-17
Updated:2018-10-16
Summary:Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter.
Note: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: BugTraq Mailing List, Sat Mar 17 2007 - 23:45:25 CDT
Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSM

Source: MITRE
Type: CNA
CVE-2007-1540

Source: CCN
Type: SA24560
SQL-Ledger Unspecified Code Execution Vulnerability

Source: SECUNIA
Type: UNKNOWN
24560

Source: CCN
Type: SA24585
LedgerSMB Unspecified Code Execution Vulnerability

Source: SECUNIA
Type: UNKNOWN
24585

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965

Source: CCN
Type: SourceForge.net
LedgerSMB

Source: CONFIRM
Type: UNKNOWN
http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What's%20New

Source: OSVDB
Type: UNKNOWN
33624

Source: CCN
Type: OSVDB ID: 33624
LedgerSMB am.pl Traversal Arbitrary File Execution

Source: CCN
Type: OSVDB ID: 33625
SQL-Ledger am.pl Traversal Arbitrary File Execution

Source: BUGTRAQ
Type: UNKNOWN
20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB

Source: CCN
Type: BID-22769
SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal Vulnerability

Source: BID
Type: UNKNOWN
23034

Source: CCN
Type: BID-23034
LedgerSMB/SQL-Ledger Login Parameter Local File Include And Authentication Bypass Vulnerabilities

Source: CCN
Type: SQL-Ledger Web site
SQL-Ledger Accounting

Source: VUPEN
Type: UNKNOWN
ADV-2007-1024

Source: VUPEN
Type: UNKNOWN
ADV-2007-1025

Source: XF
Type: UNKNOWN
sqlledger-ledgersmb-am-directory-traversal(33306)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:* (Version <= 1.1.8)
  • OR cpe:/a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:* (Version <= 2.6.27)

    • * Denotes that component is vulnerable
    BACK
    ledgersmb ledgersmb *
    sql-ledger sql-ledger *