CVE-2007-1923

NameCVE-2007-1923
Description(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs409703

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sql-ledger (PTS)jessie3.0.6-2vulnerable
stretch3.0.8-1vulnerable
sid, trixie, buster, bullseye, bookworm3.2.6-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sql-ledgersource(unstable)(unfixed)unimportant409703

Search for package or bug name: Reporting problems