CVE 2009-4402
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
See the
CVE page on Mitre.org
for more details.