CVE Reference: CVE-2006-4244

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4244

Description: SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/28671
SREASON http://securityreason.com/securityalert/1472
SAID Secunia Advisory: SA21689
CONFIRM http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New
BUGTRAQ http://www.securityfocus.com/archive/1/445512
        http://www.securityfocus.com/archive/1/archive/1/444741/100/0/threaded
BID 19758