Vulnerabilities > CVE-2009-3584 - Configuration vulnerability in Sql-Ledger 2.8.24
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/84159/AKLINK-SA-2009-001.txt |
| id | PACKETSTORM:84159 |
| last seen | 2016-12-05 |
| published | 2009-12-22 |
| reporter | Alexander Klink |
| source | https://packetstormsecurity.com/files/84159/SQL-Ledger-XSS-XSRF-SQL-Injection-LFI.html |
| title | SQL-Ledger XSS / XSRF / SQL Injection / LFI |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 37431 CVE(CAN) ID: CVE-2009-3581,CVE-2009-3582,CVE-2009-3583,CVE-2009-3584 SQL-Ledger ERP是一个企业财务和ERP系统。 SQL-Ledger中的多个安全漏洞允许攻击者执行跨站请求伪造、跨站脚本或SQL注入攻击,或绕过某些安全限制。 1) SQL-Ledger没有执行任何有效性检查便允许用户通过HTTP请求执行某些操作。 2) 由于没有正确地过滤提交给Accounts Receivables的客户名称、厂商名称和DCN描述字段,以及提交给Accounts Payable的描述字段,在用户查看恶意数据时可能导致存储式跨站脚本攻击。 3) 在搜索厂商时没有正确地过滤提交给id参数的输入,这可能导致SQL注入攻击。 4) 由于没有正确地过滤提交给Preferences的countrycode字段,远程攻击者可以通过目录遍历攻击从本地系统包含任意.pl文件。 DWS Systems Inc. SQL-Ledger 2.8.24 厂商补丁: DWS Systems Inc. ---------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.sql-ledger.org/ |
| id | SSV:15142 |
| last seen | 2017-11-19 |
| modified | 2009-12-25 |
| published | 2009-12-25 |
| reporter | Root |
| title | SQL-Ledger ERP多个输入验证和绕过安全限制漏洞 |