CVE-2007-1923

Description

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

How to fix CVE-2007-1923

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/sql-ledger—no fix listed

Is CVE-2007-1923 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-1923