CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Configurations

Configuration 1

OR cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.16:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.23:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.22:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.27:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.24:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.15:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.13:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.17:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.18:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.14:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.20:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.11:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.26:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.12:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*

Information

Published : 2006-08-30 18:04

Updated : 2018-10-17 14:34


NVD link : CVE-2006-4244

Mitre link : CVE-2006-4244


CWE
CWE-287

Improper Authentication

Products Affected

sql-ledger

  • sql-ledger