CVE-2006-4244

CVE-2006-4244 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Learn more about our User Device Pen Test.