Lucene search

[email protected]CVE-2008-4078

HistorySep 15, 2008 - 3:14 p.m.

CVE-2008-4078

2008-09-1515:14:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4078

sql injection

ledgersmb

sql-ledger

vulnerability

nvd

remote authenticated users

arbitrary sql commands

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

ledgersmbledgersmbRange<1.2.15

sql-ledgersql-ledgerRange≤2.8.17

CPENameOperatorVersion
ledgersmb:ledgersmbledgersmblt1.2.15
sql-ledger:sql-ledgersql-ledgerle2.8.17

CPE	Name	Operator	Version
ledgersmb:ledgersmb	ledgersmb	lt	1.2.15
sql-ledger:sql-ledger	sql-ledger	le	2.8.17

References

secunia.com/advisories/31843

securityreason.com/securityalert/4250

sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978

www.securityfocus.com/archive/1/496181/100/0/threaded

www.securityfocus.com/bid/31109

exchange.xforce.ibmcloud.com/vulnerabilities/45034

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2008-4078

nvd1 ubuntucve1 prion1 debiancve1 cvelist1