Bugtraq mailing list archives
SQL-Ledger patch update for SQL injection
From: Chris Travers <chris () metatrontech com>
Date: Wed, 24 Aug 2011 07:45:23 -0700
Hi all; We have been informed that SQL-Ledger 2.8.34 has in fact been released patching the security hole previously reported in LedgerSMB 1.2.24 and Lower. This is an SQL injection issue. I haven't been been able to find a CVE listing for this yet. Secunia has assigned this the id of SA45649 for LedgerSMB. I expect to send a full disclosure email discussing the vulnerability in a week. Best Wishes, Chris Travers
Current thread:
- SQL-Ledger patch update for SQL injection Chris Travers (Aug 25)