QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1923

Published: Apr 10, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

sqlledger-acl-weak-security(33494)

vdb-entry

third-party-advisory

vdb-entry

vdb-entry

20070406 ACLS ineffective in SQL-Ledger and LedgerSMB

mailing-list

https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.