SQL Injection Vulnerability in FrontAccounting by FrontAccounting
CVE-2019-5720

9.8CRITICAL

Key Information:

Vendor: Frontaccounting
Status: Frontaccounting
Vendor: CVE Published:; 8 January 2019

🔔 Create Frontaccounting Vulnerability Alert

What is CVE-2019-5720?

A SQL Injection vulnerability exists in the reference field of the includes/db/class.reflines_db.inc file in FrontAccounting 2.4.6. This flaw allows an attacker to manipulate the void_transaction.php filterType parameter, potentially leading to unauthorized access to the entire database. Exploitation of this vulnerability could result in severe data breaches and compromise the integrity of sensitive information stored within the application.

References

https://github.com/FrontAccountingERP/FA/issues/38

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 8, 2019

CVE-2019-5720 Data

JSON