Vulnerabilities > Ledgersmb > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-10-11 | CVE-2007-5372 | SQL Injection vulnerability in multiple products | Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | 10.0 |
2007-07-19 | CVE-2007-3907 | Authentication Bypass vulnerability in LedgerSMB Login.PL | Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action. | 10.0 |
2007-03-13 | CVE-2007-1437 | Remote Security vulnerability in LedgerSMB | Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | 9.0 |
2007-03-07 | CVE-2007-1329 | Directory Traversal vulnerability in LedgerSMB | Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . | 10.0 |