Vulnerabilities > Frontaccounting > Frontaccounting > 2.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-20 | CVE-2009-4045 | SQL Injection vulnerability in Frontaccounting Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/. | 7.5 |
2009-11-20 | CVE-2009-4037 | SQL Injection vulnerability in Frontaccounting Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/. | 7.5 |