Vulnerabilities > Ledgersmb > Ledgersmb > 1.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-11 | CVE-2007-5372 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | 10.0 |
| 2007-03-13 | CVE-2007-1437 | Remote Security vulnerability in LedgerSMB Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | 9.0 |
| 2007-03-13 | CVE-2007-1436 | Password Check vulnerability in LedgerSMB Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring. | 7.5 |
| 2006-10-27 | CVE-2006-5589 | SQL Injection vulnerability in Ledgersmb 1.0.0 Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm. | 7.5 |