CVE-2006-5872

SQL-Ledger - Remote Code Execution via login.pl Script Parameter

Title source: llm
STIX 2.1

Description

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017391
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21634
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23375
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23419
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5043
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1239
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0407
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458300/100/0/threaded

Scores

EPSS 0.0170
EPSS Percentile 74.6%

Details

CWE
CWE-20
Status published
Products (1)
dws_systems_inc./sql-ledger 2.6.27
Published Dec 18, 2006
Tracked Since Feb 18, 2026