*Note: Email address will appear as "user domain ext" to prevent harvesting.
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger
Aug 31 2011 05:54PM
Chris Travers (chris metatrontech com)
SQL-Ledger 2.8.33 and lower
LedgerSMB 1.2.24 and lower.
Both programs have vendor fixes available in the form of new, patched
versions. These have been out for over a week with appropriate
advisories, with users having time to upgrade.
Files affected: LedgerSMB/RP.pm for Ledger...
Copyright 2010, SecurityFocus