Information Disclosure Vulnerability in FrontAccounting 2.3.1 by FrontAccounting
CVE-2011-3740

Currently unrated

Key Information:

Vendor: Frontaccounting
Status: Frontaccounting
Vendor: CVE Published:; 23 September 2011

🔔 Create Frontaccounting Vulnerability Alert

What is CVE-2011-3740?

The vulnerability in FrontAccounting 2.3.1 enables remote attackers to retrieve sensitive information by sending direct requests to certain .php files. This flaw may expose the installation path of the application through error messages, as observed in files such as reporting/includes/fpdi/fpdi2tcpdf_bridge.php. Attackers can exploit this vulnerability to gain insights into the server's setup, potentially leading to further exploitation.

References

http://www.openwall.com/lists/oss-security/2011/06/27/6

mailing-listx_refsource_MLIST

http://code.google.com/p/inspathx/source/browse/trunk/pat...

x_refsource_MISC

http://code.google.com/p/inspathx/source/browse/trunk/pat...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 23, 2011

CVE-2011-3740 Data

JSON