CVE-2007-0667 - Vulnerability Details - OpenCVE

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ledgersmb	Ledgersmb
Sql-ledger	Sql-ledger

Configuration 1 [-]

OR	cpe:2.3:a:ledgersmb:ledgersmb::::::::
	cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:::::::*
	cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:::::::*
	cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:::::::*
	cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:::::::*
	cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:::::::*
	cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:::::::*

No data.

References

Link	Providers
http://securityreason.com/securityalert/2217
http://www.securityfocus.com/archive/1/458464/100/0/threaded
http://www.securityfocus.com/archive/1/459264/100/0/threaded
http://www.securityfocus.com/bid/22295
http://www.vupen.com/english/advisories/2007/0407

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-02T21:00:00

Updated: 2024-08-07T12:26:54.297Z

Reserved: 2007-02-02T00:00:00

Link: CVE-2007-0667

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-02-02T21:28:00.000

Modified: 2024-11-21T00:26:26.750

Link: CVE-2007-0667

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"}, {"name": "20070206 Unofficial SQL-Ledger patch for CVE-2007-0667", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"}, {"name": "2217", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2217"}, {"name": "ADV-2007-0407", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0407"}, {"name": "22295", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22295"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"}, {"name": "20070206 Unofficial SQL-Ledger patch for CVE-2007-0667", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"}, {"name": "2217", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2217"}, {"name": "ADV-2007-0407", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0407"}, {"name": "22295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22295"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.297Z"}, "title": "CVE Program Container", "references": [{"name": "20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"}, {"name": "20070206 Unofficial SQL-Ledger patch for CVE-2007-0667", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"}, {"name": "2217", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2217"}, {"name": "ADV-2007-0407", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0407"}, {"name": "22295", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22295"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0667", "datePublished": "2007-02-02T21:00:00", "dateReserved": "2007-02-02T00:00:00", "dateUpdated": "2024-08-07T12:26:54.297Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "17E0DA0F-6168-4BAD-8CA1-F867886A6546", "versionEndIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E93E88F3-AAB8-424A-909D-187490A569DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "12BFEF80-BCC4-44BC-A7B6-D688F1688A96", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "FD7E5E53-3B67-46CA-A85F-37A93958A4BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "BD66FE58-EF0E-4F02-9FDB-8AB5C715FCD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "DD3EDFA2-8A21-4331-9715-3204DAA22845", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "7EC85020-344F-4B75-A79E-CA190FD8D335", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872."}, {"lang": "es", "value": "La funci\u00f3n redirect en el archivo Form.pm para (1) LedgerSMB anterior a la versi\u00f3n 1.1.5 y (2) SQL-Ledger permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de redireccionamientos, relacionados con callbacks, un problema diferente de CVE-2006-5872."}], "id": "CVE-2007-0667", "lastModified": "2024-11-21T00:26:26.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-02T21:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2217"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22295"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0407"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}