CVE-2006-4244

Sql-ledger - Authentication Bypass

Title source: rule

Description

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

References (7)

Scores

EPSS 0.0164
EPSS Percentile 81.7%

Classification

CWE
CWE-287
Status draft

Affected Products (31)

sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
sql-ledger/sql-ledger
... and 16 more

Timeline

Published Aug 31, 2006
Tracked Since Feb 18, 2026