CVE-2007-0667 Information

Description

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects related to callbacks a different issue than CVE-2006-5872.

Reference

http://securityreason.com/securityalert/2217 http://www.securityfocus.com/archive/1/458464/100/0/threaded http://www.securityfocus.com/archive/1/459264/100/0/threaded http://www.securityfocus.com/bid/22295 http://www.vupen.com/english/advisories/2007/0407