CVE-2006-4244
sql-ledger
EPSS 1.6%
Description
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
How to fix CVE-2006-4244
To remediate CVE-2006-4244, upgrade the affected package to a fixed version below.
- Debian/sql-ledger—upgrade to 2.6.18-1 or later
- Debian/sql-ledger—upgrade to 2.4.7-2sarge1 or later
Is CVE-2006-4244 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.6.18-1
- from 0, < 2.4.7-2sarge1