CVE-2007-1329

Published: 7 March 2007

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings. Blacklisting functions filter out these strings, and the dots left on either side collapse into .. (dot dot) sequences.

Priority

Medium

Status

Package: sql-ledger
Launchpad, Ubuntu, Debian

Release    Status
artful     Does not exist
bionic     Does not exist
cosmic     Does not exist
dapper     Ignored (reached end-of-life)
disco      Does not exist
edgy       Needed (reached end-of-life)
eoan       Does not exist
feisty     Needed (reached end-of-life)
focal      Does not exist
groovy     Does not exist
gutsy      Needed (reached end-of-life)
hardy      Ignored (reached end-of-life)
hirsute    Does not exist
impish     Does not exist
intrepid   Needed (reached end-of-life)
jammy      Does not exist
jaunty     Ignored (reached end-of-life)
karmic     Ignored (reached end-of-life)
lucid      Ignored (reached end-of-life)
maverick   Ignored (reached end-of-life)
natty      Ignored (reached end-of-life)
oneiric    Ignored (reached end-of-life)
precise    Does not exist (precise was needed)
quantal    Ignored (reached end-of-life)
raring     Ignored (reached end-of-life)
saucy      Ignored (reached end-of-life)
trusty     Does not exist (trusty was needed)
upstream   Needs triage
utopic     Ignored (reached end-of-life)
vivid      Ignored (reached end-of-life)
wily       Ignored (reached end-of-life)
xenial     Ignored (end of standard support, was needed)
yakkety    Ignored (reached end-of-life)
zesty      Ignored (reached end-of-life)