CVE-2006-5589

Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.

Published: Oct 27, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5589
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ledgersmb / ledgersmb	1.0.0	1.0.0.x
ledgersmb / ledgersmb	-	1.1.0.x

http://secunia.com/advisories/22483
http://sourceforge.net/project/shownotes.php?release_id=456803
http://www.securityfocus.com/archive/1/464789/100/200/threaded
http://www.securityfocus.com/bid/20749
http://www.vupen.com/english/advisories/2006/4209

Vulnerability Database

CVE-2006-5589