Remote File Inclusion Vulnerabilities in FrontAccounting by FrontAccounting
CVE-2007-5117

Currently unrated

Key Information:

Vendor: Frontaccounting
Status: Frontaccounting
Vendor: CVE Published:; 27 September 2007

🔔 Create Frontaccounting Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2007-5117?

Multiple remote file inclusion vulnerabilities exist in FrontAccounting 1.13 when 'register_globals' is enabled. Attackers can leverage these flaws to execute arbitrary PHP code by manipulating the 'path_to_root' parameter in specific files such as access/login.php and includes/lang/language.php. This opens the door to unauthorized access and potential system compromise, highlighting the importance of securing configurations and updating software to mitigate such risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-5117 - Proof of Concept

References

http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccount...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/36796

vdb-entryx_refsource_XF

http://secunia.com/advisories/26962

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 27, 2007
👾
Exploit known to exist
Sep 27, 2007
Vulnerability published
Sep 27, 2007
Vulnerability Reserved
Sep 27, 2007

CVE-2007-5117 Data

JSON