SQL-Ledger patch update for SQL injection Aug 24 2011 02:45PM
Chris Travers (chris metatrontech com)
Hi all;

We have been informed that SQL-Ledger 2.8.34 has in fact been released
patching the security hole previously reported in LedgerSMB 1.2.24 and
Lower. This is an SQL injection issue.

I haven't been been able to find a CVE listing for this yet. Secunia
has assigned this the id of SA45649 for LedgerSMB. I expect to send a
full disclosure email discussing the vulnerability in a week.

Best Wishes,
Chris Travers

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus