includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/FrontAccountingERP/FA/issues/38 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-08T10:00:00Z
Updated: 2024-09-17T03:02:37.728Z
Reserved: 2019-01-08T00:00:00Z
Link: CVE-2019-5720
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-01-08T10:29:00.193
Modified: 2019-01-30T20:23:40.210
Link: CVE-2019-5720
Redhat
No data.