{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2006-09-13T00:07:00Z",
  "id": "CVE-2006-4731",
  "details": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/21824"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/21886"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2006/3554"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2006/3555"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/21824"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/21886"
    },
    {
      "type": "FIX",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1553"
    },
    {
      "type": "WEB",
      "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19960"
    },
    {
      "type": "WEB",
      "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
    }
  ]
}