Another security issue has been found in LedgerSMB versions 1.1.5 and below and all versions of SQL-Ledger which allows an attacker to engage in directory transversal, retrieval of sensitive information, user account fabrication, or even arbitrary code execution.
92c29f7115d1ad3119189f3c9d9a8812b23ba13320ea31a997a5207f3c9403f2