CVE-2009-3582
EPSS 0.47%
Description
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
How to fix CVE-2009-3582
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/sql-ledger: no fix listed
Is CVE-2009-3582 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0