Security Advisory

CVE-2006-4244

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-08-31 01:00:00

Last updated 2024-08-07 19:06:06

Assigner debian

State PUBLISHED

Description

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

← Browse all CVEs View on cve.org ↗