2006-09-14 21:00:00
mitre
PUBLISHED
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.