CVE-2006-4731
EPSS 16.4%
Description
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
How to fix CVE-2006-4731
To remediate CVE-2006-4731, upgrade the affected package to one of the fixed versions listed below.
- Debian/sql-ledger: upgrade to 2.6.19-1 or later
Is CVE-2006-4731 being exploited?
Moderate: EPSS is 16.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.6.19-1