LedgerSMB 1.7.1

CPE Details

LedgerSMB 1.7.1
ledgersmb
ledgersmb
1.7.1
2021-03-30
16h24 +00:00
2021-03-31
12h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ledgersmb:ledgersmb:1.7.1:*:*:*:*:*:*:*

Informations

Vendor

ledgersmb

Product

ledgersmb

Version

1.7.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23831 2024-02-02
15h34 +00:00		 LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.
7.5
High
CVE-2021-3731 2021-08-23
10h42 +00:00		 LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
5.9
Medium
CVE-2021-3694 2021-08-23
10h41 +00:00		 LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
9.6
Critical
CVE-2021-3693 2021-08-23
10h41 +00:00		 LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
9.6
Critical