SQL Injection Vulnerabilities in FrontAccounting by FrontAccounting
CVE-2009-4037
Currently unrated
What is CVE-2009-4037?
Multiple SQL injection vulnerabilities in the FrontAccounting application may allow remote attackers to execute arbitrary SQL commands. The vulnerabilities are present in multiple administrative and application files, including users_db.inc and others in the admin, dimensions, gl, inventory, manufacturing, and purchasing directories. The application does not enforce proper validation of user input, leaving it susceptible to malicious SQL queries that could compromise sensitive data and system integrity. Patch affected versions promptly to mitigate these risks.
