CVE-2006-4731
Description
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.
✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
SQL-Ledger 2.6.x/LedgerSMB 1.0 - 'Terminal' Directory Traversal
source: https://www.securityfocus.com/bid/19960/info
SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability.
An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process.
The attacker may be able to use the application's built-in text editor to alter a local file and exploit this issue to execute arbitrary code. This may facilitate a compromise of the vulnerable computer.
SQL-Ledger version 2.6.18 and LedgerSMB version 1.0.0 are vulnerable to this issue.
http://www.example.com/path/login.pl?terminal=../cssOS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.6.19-1 |
| sid | Fixed | 2.6.19-1 |
| forky | Fixed | 2.6.19-1 |
| bullseye | Fixed | 2.6.19-1 |
| bookworm | Fixed | 2.6.19-1 |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.