Vulnerability Details : CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2006-4731
Probability of exploitation activity in the next 30 days: 1.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-4731
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-4731
-
http://www.vupen.com/english/advisories/2006/3555
- http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New
-
http://www.securityfocus.com/bid/19960
-
http://www.vupen.com/english/advisories/2006/3554
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28885
-
http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778
Patch
-
http://www.securityfocus.com/archive/1/445817/100/0/threaded
-
http://securityreason.com/securityalert/1553
-
http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69
Products affected by CVE-2006-4731
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*