CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

Published: Dec 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5872
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
dws_systems_inc. / sql-ledger	2.6.27	2.6.27.x

http://secunia.com/advisories/23375
http://secunia.com/advisories/23419
http://securitytracker.com/id?1017391
http://www.debian.org/security/2006/dsa-1239
http://www.securityfocus.com/archive/1/458300/100/0/threaded
http://www.securityfocus.com/bid/21634
http://www.vupen.com/english/advisories/2006/5043
http://www.vupen.com/english/advisories/2007/0407

Vulnerability Database

CVE-2006-5872