CVE-2018-1000890

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
References
Link Resource
https://www.exploit-db.com/exploits/46037 Exploit Third Party Advisory
https://github.com/FrontAccountingERP/FA/issues/37 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:frontaccounting:frontaccounting:2.4.5:*:*:*:*:*:*:*

Information

Published : 2018-12-28 04:29

Updated : 2019-01-30 08:25


NVD link : CVE-2018-1000890

Mitre link : CVE-2018-1000890

Products Affected
No products.
CWE