Several remote vulnerabilities have been discovered in SQL
Ledger, a web-based double-entry accounting program, which may
lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following
problems:

Chris Travers discovered that the session management can be
tricked, allowing existing sessions to be hijacked.

Chris Travers discovered that directory traversal
vulnerabilities can be exploited to execute arbitrary Perl
code.

It was discovered that missing input sanitising allows
execution of arbitrary Perl code.