Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.Referenceshttp://secunia.com/advisories/22483http://sourceforge.net/project/shownotes.php?release_id=456803http://www.vupen.com/english/advisories/2006/4209http://www.securityfocus.com/archive/1/464789/100/200/threadedhttp://www.securityfocus.com/bid/20749
