Vulnerabilities > Frontaccounting > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-28 | CVE-2018-1000890 | SQL Injection vulnerability in Frontaccounting 2.4.5 FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | 7.5 |
| 2018-02-16 | CVE-2018-7176 | Cross-Site Request Forgery (CSRF) vulnerability in Frontaccounting 2.4.3 FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | 8.8 |