Vulnerabilities > Frontaccounting

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-09-30 | CVE-2020-21244 | Path Traversal vulnerability in Frontaccounting 2.4.7 | An issue was discovered in FrontAccounting 2.4.7. | network | low | frontaccounting CWE-22 | 4.9 |
| 2019-01-08 | CVE-2019-5720 | SQL Injection vulnerability in Frontaccounting 2.4.6 | includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. | network | low | frontaccounting CWE-89 | critical 9.8 |
| 2018-12-28 | CVE-2018-1000890 | SQL Injection vulnerability in Frontaccounting 2.4.5 | FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | network | low | frontaccounting CWE-89 | 7.5 |
| 2018-02-16 | CVE-2018-7176 | Cross-Site Request Forgery (CSRF) vulnerability in Frontaccounting 2.4.3 | FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | network | low | frontaccounting CWE-352 | 8.8 |