CVE-2007-1541

EPSS 0.47%

Published: 3/20/2007Modified: 4/28/2026

Description

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.

Affected packages (1)

Debian/sql-ledgerfrom 0, < 2.8.14-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1541