11 lines
No EOL
628 B
Text
Executable file
11 lines
No EOL
628 B
Text
Executable file
source: http://www.securityfocus.com/bid/19960/info
|
|
|
|
SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability.
|
|
|
|
An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process.
|
|
|
|
The attacker may be able to use the application's built-in text editor to alter a local file and exploit this issue to execute arbitrary code. This may facilitate a compromise of the vulnerable computer.
|
|
|
|
SQL-Ledger version 2.6.18 and LedgerSMB version 1.0.0 are vulnerable to this issue.
|
|
|
|
http://www.example.com/path/login.pl?terminal=../css |