SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Sql-ledger |
Dws_systems_inc. |
* |
2.4.3 |
References