LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities

Severity: High (Nessus Plugin ID 24783)

Synopsis

The remote web server contains a Perl application that is affected by multiple issues.

Description

The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system.

The version of LedgerSMB or SQL-Ledger on the remote host fails to properly sanitize the 'file' parameter of the 'am.pl' script before using it in various template routines in the 'AM.pm' module. An unauthenticated attacker can leverage this issue to display the contents of arbitrary files, or to write user-supplied data to arbitrary files, on the remote host, subject to the privileges of the web server user ID.

Solution

If using LedgerSMB, upgrade to 1.1.5 or later. At this time, there is no known solution for SQL-Ledger.
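Since no fix is listed for SQL-Ledger, web access logs can be triaged for 'am.pl' requests whose 'file' value resolves outside the template directory. The following is an added example, not code from the plugin or from either project; the `templates` root, the log format and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TEMPLATE_ROOT = "templates"  # assumption: legitimate 'file' values stay under this directory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (common log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2007:10:00:00 +0000] "GET /ledger/am.pl?file=templates/demo/invoice.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [09/Mar/2007:10:00:05 +0000] "GET /ledger/am.pl?file=..%2F..%2Fplaceholder.conf HTTP/1.1" 200 88',
    '192.0.2.78 - - [09/Mar/2007:10:00:09 +0000] "GET /ledger/am.pl?file=templates%252F..%252F..%252Fplaceholder.conf HTTP/1.1" 200 88',
    '192.0.2.10 - - [09/Mar/2007:10:00:12 +0000] "GET /ledger/other.pl?file=../x HTTP/1.1" 200 10',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so nested encodings cannot hide '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_template_root(value, root=TEMPLATE_ROOT):
    """True if the 'file' value does not resolve to a path under the template root."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path:  # embedded NUL is never part of a legitimate file name
        return True
    return not posixpath.normpath(path).startswith(root + "/")

def suspicious_requests(log_lines):
    """Return (client, file value) for am.pl requests whose 'file' leaves the root."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/am.pl"):
            continue
        for value in parse_qs(url.query).get("file", []):  # parse_qs decodes once
            if escapes_template_root(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(client, value)
```

Access logs normally record only the query string, so 'file' values submitted in a POST body will not appear in this scan.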

See Also

https://www.securityfocus.com/archive/1/461630/30/0/threaded

Plugin Details

Severity: High

ID: 24783

File Name: ledgersmb_file_vulns.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 3/9/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ledgersmb:ledgersmb

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 22769