Multiple SQL Injection Vulnerabilities in FrontAccounting by FrontAccounting
CVE-2009-4046

Currently unrated

Key Information:

Vendor: Frontaccounting
Status: Frontaccounting
Vendor: CVE Published:; 20 November 2009

🔔 Create Frontaccounting Vulnerability Alert

What is CVE-2009-4046?

FrontAccounting versions 2.2.x prior to 2.2 RC are susceptible to multiple SQL injection vulnerabilities that could allow remote attackers to execute arbitrary SQL commands. These vulnerabilities can be exploited via unspecified parameters in various scripts, including bank_accounts.php, currencies.php, and several database-related files in the includes/db/ directory. Successful exploitation of these vulnerabilities may lead to unauthorized access to sensitive data, manipulation of the database, or complete compromise of the affected application.

References

http://sourceforge.net/projects/frontaccounting/files/Fro...

x_refsource_CONFIRM

http://frontaccounting.net/wb3/pages/posts/release-2.2-rc...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/3223

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 20, 2009

CVE-2009-4046 Data

JSON