CVE-2007-5372

Severity: Unknown | EPSS: 2.41%

Last modified

CVE-2007-5372 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. EPSS estimates a 2.41% chance of exploitation in the next 30 days.

Description

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

Metrics

EPSS Probability
2.41%

82.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Version
Dws Systems Inc. | Sql-Ledger | 2.2.0
Dws Systems Inc. | Sql-Ledger | 2.2.1
Dws Systems Inc. | Sql-Ledger | 2.2.2
Dws Systems Inc. | Sql-Ledger | 2.2.3
Dws Systems Inc. | Sql-Ledger | 2.2.4
Dws Systems Inc. | Sql-Ledger | 2.2.5
Dws Systems Inc. | Sql-Ledger | 2.2.6
Dws Systems Inc. | Sql-Ledger | 2.2.7
Dws Systems Inc. | Sql-Ledger | 2.4.0
Dws Systems Inc. | Sql-Ledger | 2.4.1
Dws Systems Inc. | Sql-Ledger | 2.4.2
Dws Systems Inc. | Sql-Ledger | 2.4.3
Dws Systems Inc. | Sql-Ledger | 2.4.4
Dws Systems Inc. | Sql-Ledger | 2.4.5
Dws Systems Inc. | Sql-Ledger | 2.4.6
Dws Systems Inc. | Sql-Ledger | 2.4.7
Dws Systems Inc. | Sql-Ledger | 2.4.8
Dws Systems Inc. | Sql-Ledger | 2.4.9
Dws Systems Inc. | Sql-Ledger | 2.4.10
Dws Systems Inc. | Sql-Ledger | 2.4.11
Dws Systems Inc. | Sql-Ledger | 2.4.12
Dws Systems Inc. | Sql-Ledger | 2.4.13
Dws Systems Inc. | Sql-Ledger | 2.4.14
Dws Systems Inc. | Sql-Ledger | 2.4.15
Dws Systems Inc. | Sql-Ledger | 2.4.16
Dws Systems Inc. | Sql-Ledger | 2.6.1
Dws Systems Inc. | Sql-Ledger | 2.6.2
Dws Systems Inc. | Sql-Ledger | 2.6.3
Dws Systems Inc. | Sql-Ledger | 2.6.4
Dws Systems Inc. | Sql-Ledger | 2.6.5
Dws Systems Inc. | Sql-Ledger | 2.6.6
Dws Systems Inc. | Sql-Ledger | 2.6.7
Dws Systems Inc. | Sql-Ledger | 2.6.8
Dws Systems Inc. | Sql-Ledger | 2.6.9
Dws Systems Inc. | Sql-Ledger | 2.6.10
Dws Systems Inc. | Sql-Ledger | 2.6.11
Dws Systems Inc. | Sql-Ledger | 2.6.12
Dws Systems Inc. | Sql-Ledger | 2.6.13
Dws Systems Inc. | Sql-Ledger | 2.6.14
Dws Systems Inc. | Sql-Ledger | 2.6.15
Dws Systems Inc. | Sql-Ledger | 2.6.16
Dws Systems Inc. | Sql-Ledger | 2.6.17
Dws Systems Inc. | Sql-Ledger | 2.6.18
Dws Systems Inc. | Sql-Ledger | 2.6.27
Ledgersmb | Ledgersmb | 1.0.0
Ledgersmb | Ledgersmb | 1.1.0
Ledgersmb | Ledgersmb | 1.1.1
Ledgersmb | Ledgersmb | 1.1.5
Ledgersmb | Ledgersmb | 1.1.8
Ledgersmb | Ledgersmb | 1.2.0

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-5372?
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
How severe is CVE-2007-5372?
Severity scoring for CVE-2007-5372 is pending analysis. The EPSS model estimates a 2.41% probability of exploitation in the next 30 days.
How do I fix CVE-2007-5372?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST