CVE-2006-5872
SQL-Ledger - Remote Code Execution via login.pl Script Parameter
Title source: llmDescription
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017391
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21634
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23375
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23419
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5043
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1239
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0407
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458300/100/0/threaded
Scores
EPSS
0.0170
EPSS Percentile
74.6%
Details
CWE
CWE-20
Status
published
Products (1)
dws_systems_inc./sql-ledger
2.6.27
Published
Dec 18, 2006
Tracked Since
Feb 18, 2026