Directory Traversal Vulnerability in FrontAccounting by FrontAccounting ERP
CVE-2020-21244

4.9MEDIUM

Key Information:

Vendor: Frontaccounting
Status: Frontaccounting
Vendor: CVE Published:; 30 September 2020

🔔 Create Frontaccounting Vulnerability Alert

What is CVE-2020-21244?

A Directory Traversal vulnerability has been identified in FrontAccounting version 2.4.7, allowing unauthorized access to sensitive directory contents. This issue arises in the admin/inst_lang.php file, where an attacker can exploit the flaw to manipulate file paths and potentially empty folders. It is critical for users of this version to assess their systems and implement necessary security measures to mitigate risks.

References

https://github.com/FrontAccountingERP/FA/issues/40

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2020
Vulnerability Reserved
Aug 13, 2020

CVE-2020-21244 Data

JSON