CVE-2006-5589 Information

Description

Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm (2) AM.pm and (3) Form.pm.

Reference

http://secunia.com/advisories/22483 http://sourceforge.net/project/shownotes.php?release_id=456803 http://www.securityfocus.com/archive/1/464789/100/200/threaded http://www.securityfocus.com/bid/20749 http://www.vupen.com/english/advisories/2006/4209