Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.
http://www.vupen.com/english/advisories/2006/4209
http://www.securityfocus.com/bid/20749
http://www.securityfocus.com/archive/1/464789/100/200/threaded
http://sourceforge.net/project/shownotes.php?release_id=456803