{ "schema_version": "1.4.0", "id": "GHSA-r9w9-4622-fw8f", "modified": "2025-04-03T04:40:24Z", "published": "2022-05-01T07:21:21Z", "aliases": [ "CVE-2006-4731" ], "details": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4731" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885" }, { "type": "WEB", "url": "http://secunia.com/advisories/21824" }, { "type": "WEB", "url": "http://secunia.com/advisories/21886" }, { "type": "WEB", "url": "http://securityreason.com/securityalert/1553" }, { "type": "WEB", "url": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778" }, { "type": "WEB", "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/19960" }, { "type": "WEB", "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New" }, { "type": "WEB", "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2006/3554" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2006/3555" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2006-09-13T00:07:00Z" } }