Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

| Software | From | Fixed in |
|---|---|---|
| ledgersmb / ledgersmb | 1.2.0 | 1.2.0.x |
| ledgersmb / ledgersmb | 1.2.1 | 1.2.1.x |
| ledgersmb / ledgersmb | 1.2.2 | 1.2.2.x |
| ledgersmb / ledgersmb | 1.2.3 | 1.2.3.x |
| ledgersmb / ledgersmb | 1.2.4 | 1.2.4.x |
| ledgersmb / ledgersmb | 1.2.5 | 1.2.5.x |
| ledgersmb / ledgersmb | 1.2.6 | 1.2.6.x |