CVE-2008-4078

CVSS V2 Medium 6.5 CVSS V3 None

Description

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Overview

CVE ID
CVE-2008-4078

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2008-09-15T15:14:07

Last Modified Date
2018-10-11T20:50:42

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:dws_systems_inc.:sql-ledger::::::::	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:::::::*	1	OR
cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.27:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb::::::::	1	OR
cpe:2.3:a:ledgersmb:ledgersmb::::::::	1	OR	1.2.14
cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.1.5:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.1.8:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.7:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.8:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.9:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.10:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.11:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.12:::::::*	1	OR
cpe:2.3:a:ledgersmb:ledgersmb:1.2.13:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger::::::::	1	OR
cpe:2.3:a:sql-ledger:sql-ledger::::::::	1	OR	2.8.17
cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.20:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.22:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.23:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.24:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.26:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.6.27:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.0:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.1:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.2:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.3:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.4:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.5:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.6:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.7:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.8:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.9:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.10:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.11:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.12:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.13:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.14:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.15:::::::*	1	OR
cpe:2.3:a:sql-ledger:sql-ledger:2.8.16:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
SINGLE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6.5

Severity
MEDIUM

Exploitability Score
8

Impact Score
6.4

References

Reference URL	Reference Tags
http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978
http://secunia.com/advisories/31843	Patch Vendor Advisory
http://www.securityfocus.com/bid/31109	Patch
http://securityreason.com/securityalert/4250
https://exchange.xforce.ibmcloud.com/vulnerabilities/45034
http://www.securityfocus.com/archive/1/496181/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-4078
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4078

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:27:54				Added to TrackCVE