SQL-Ledger/LedgerSMB Terminal Parameter Directory Traversal Vulnerability

Bugtraq ID:	19960
Class:	Input Validation Error
CVE:	CVE-2006-4731
Remote:	Yes
Local:	No
Published:	Sep 12 2006 12:00AM
Updated:	Jan 25 2007 04:26PM
Credit:	Chris Murtagh and Richard Patterson of Quickhelp are credited with the discovery of this vulnerability.
Vulnerable:	SQL-Ledger SQL-Ledger 2.6.18 SQL-Ledger SQL-Ledger 2.6.17 LedgerSMB LedgerSMB 1.0 Debian Linux 3.1

Not Vulnerable:	SQL-Ledger SQL-Ledger 2.6.19 LedgerSMB LedgerSMB 1.0 p1