High-risk vulnerabilities in Ledgersmb

Date: 2024-02-02
CVE: CVE-2024-23831
Vulnerability title: Cross-Site Request Forgery (CSRF) vulnerability in Ledgersmb
Description: LedgerSMB is a free web-based double-entry accounting system.
Risk: 7.5 (network, high complexity; ledgersmb; CWE-352)

Date: 2018-06-08
CVE: CVE-2018-9246
Vulnerability title: Improper Encoding or Escaping of Output vulnerability in multiple products
Description: The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function.
Risk: 7.5

Date: 2007-03-13
CVE: CVE-2007-1436
Vulnerability title: Password Check vulnerability in LedgerSMB
Description: Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
Risk: 7.5 (network, low complexity; ledgersmb, sql-ledger)

Date: 2006-10-27
CVE: CVE-2006-5589
Vulnerability title: SQL Injection vulnerability in Ledgersmb 1.0.0
Description: Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.
Risk: 7.5 (network, low complexity; ledgersmb)