{
  "modified": "2025-08-09T19:01:26Z",
  "published": "2008-09-15T15:14:07Z",
  "id": "CVE-2008-4078",
  "details": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/31843"
    },
    {
      "type": "ADVISORY",
      "url": "http://securityreason.com/securityalert/4250"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securityfocus.com/bid/31109"
    },
    {
      "type": "ADVISORY",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/31843"
    },
    {
      "type": "FIX",
      "url": "http://www.securityfocus.com/bid/31109"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
    }
  ]
}