CVE-2006-4731

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

Date published : 2006-09-12

http://www.securityfocus.com/bid/19960

http://www.securityfocus.com/archive/1/445817/100/0/threaded