CVE-2007-3907
Published: Jul 19, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 20070718 Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 | mailing-list, x_refsource_BUGTRAQ |
| 26121 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2007-2576 | vdb-entry, x_refsource_VUPEN |
| 20070718 Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 | mailing-list, x_refsource_BUGTRAQ |
| http://www.ledgersmb.org/node/52 | x_refsource_CONFIRM |
| ledgersmb-redirection-security-bypass(35507) | vdb-entry, x_refsource_XF |
| 24940 | vdb-entry, x_refsource_BID |