CVE-2007-3907

CVE-2007-3907 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

Learn more about our User Device Pen Test.