CVE-2007-5372

CVE-2007-5372 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.