CVE-2007-1541

描述

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.

受影響套件(1)

• Debian/sql-ledgerfrom 0, < 2.8.14-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1541