Sql-Ledger: >> Sql-Ledger >> 2.4.14 Security Vulnerabilities
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
CVSS Score
7.5
EPSS Score
0.008
Published
2007-03-13
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
CVSS Score
7.5
EPSS Score
0.013
Published
2006-08-31