BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger Aug 31 2011 05:54PM
Chris Travers (chris metatrontech com)
Affects versions:
SQL-Ledger 2.8.33 and lower
LedgerSMB 1.2.24 and lower.

Both programs have vendor fixes available in the form of new, patched
versions. These have been out for over a week with appropriate
advisories, with users having time to upgrade.

Files affected: LedgerSMB/RP.pm for Ledger...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus