SQL-Ledger has been patched to address cross site request forgery, local file inclusion, no secure flag on cookie, default administrator password and remote SQL injection vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85621/sqlledger-xsrfsqllfi.txt
Source: https://packetstormsecurity.com/files/85621/SQL-Ledger-Cross-Site-Request-Forgery-Local-File-Inclusion-SQL-Injection.html