LedgerSMB 1.3.29

CPE Details

LedgerSMB 1.3.29
ledgersmb
ledgersmb
1.3.29
2021-03-30
16h24 +00:00
2021-03-31
12h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ledgersmb:ledgersmb:1.3.29:*:*:*:*:*:*:*

Informations

Vendor

ledgersmb

Product

ledgersmb

Version

1.3.29

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23831 2024-02-02 15h34 +00:00 LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.
7.5
High
CVE-2021-3731 2021-08-23 10h42 +00:00 LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
5.9
Medium
CVE-2021-3694 2021-08-23 10h41 +00:00 LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
9.6
Critical