CVE-2007-1540 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ledgersmb	Ledgersmb
Sql-ledger	Sql-ledger

Configuration 1 [-]

OR	cpe:2.3:a:ledgersmb:ledgersmb::::::::
	cpe:2.3:a:sql-ledger:sql-ledger::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/24560
http://secunia.com/advisories/24585
http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965
http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New
http://www.osvdb.org/33624
http://www.securityfocus.com/archive/1/463175/100/0/threaded
http://www.securityfocus.com/bid/23034
http://www.vupen.com/english/advisories/2007/1024
http://www.vupen.com/english/advisories/2007/1025

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-20T22:00:00

Updated: 2024-08-07T12:59:08.628Z

Reserved: 2007-03-20T00:00:00

Link: CVE-2007-1540

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-20T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1540

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24560", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24560"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965"}, {"name": "33624", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33624"}, {"name": "ADV-2007-1024", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1024"}, {"name": "ADV-2007-1025", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1025"}, {"name": "24585", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24585"}, {"name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"}, {"name": "23034", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23034"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1540", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24560", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24560"}, {"name": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What's%20New", "refsource": "CONFIRM", "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What's%20New"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965"}, {"name": "33624", "refsource": "OSVDB", "url": "http://www.osvdb.org/33624"}, {"name": "ADV-2007-1024", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1024"}, {"name": "ADV-2007-1025", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1025"}, {"name": "24585", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24585"}, {"name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"}, {"name": "23034", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23034"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:59:08.628Z"}, "title": "CVE Program Container", "references": [{"name": "24560", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24560"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965"}, {"name": "33624", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/33624"}, {"name": "ADV-2007-1024", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1024"}, {"name": "ADV-2007-1025", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1025"}, {"name": "24585", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24585"}, {"name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"}, {"name": "23034", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23034"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1540", "datePublished": "2007-03-20T22:00:00", "dateReserved": "2007-03-20T00:00:00", "dateUpdated": "2024-08-07T12:59:08.628Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F7858BB-0570-4E97-BB32-536D30DC4525", "versionEndIncluding": "1.1.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2FBBC0F-B7B2-44BB-9126-FE55DD095273", "versionEndIncluding": "2.6.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en el archivo am.pl en (1) SQL-Ledger versi\u00f3n 2.6.27 y anteriores, y (2) LedgerSMB anterior a la versi\u00f3n 1.2.0, permite a los atacantes remotos correr ejecutables arbitrarios y omitir autenticaci\u00f3n mediante una secuencia .. (punto punto) y al final NULL (%00) en el par\u00e1metro login. NOTA: este problema se solucion\u00f3 en SQL-Ledger versi\u00f3n 2.6.27, sin embargo, los investigadores externos afirman que el archivo todav\u00eda se ejecuta, aunque se genera un error."}], "id": "CVE-2007-1540", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-20T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24560"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24585"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965"}, {"source": "cve@mitre.org", "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33624"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23034"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1024"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/33624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1025"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}