Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 up to and including 1.2.6 allows remote malicious users to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ledgersmb ledgersmb 1.2.6 |
||
ledgersmb ledgersmb 1.2.0 |
||
ledgersmb ledgersmb 1.2.1 |
||
ledgersmb ledgersmb 1.2.2 |
||
ledgersmb ledgersmb 1.2.3 |
||
ledgersmb ledgersmb 1.2.4 |
||
ledgersmb ledgersmb 1.2.5 |