VYPR

Fa

by Frontaccounting

CVEs (4)

  • CVE-2019-5720 | Cri | Jan 8, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.

  • CVE-2018-7176 | Hig | Feb 16, 2018
    risk 0.60 | cvss 8.8 | epss 0.02

    FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

  • CVE-2018-1000890 | Hig | Dec 28, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.

  • CVE-2020-21244 | Med | Sep 30, 2020
    risk 0.32 | cvss 4.9 | epss 0.01

    An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty a folder via admin/inst_lang.php.