CVE-2019-5720

includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
References
Link Resource
https://github.com/FrontAccountingERP/FA/issues/38 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:frontaccounting:frontaccounting:2.4.6:*:*:*:*:*:*:*

Information

Published : 2019-01-08 10:29

Updated : 2019-01-30 08:23


NVD link : CVE-2019-5720

Mitre link : CVE-2019-5720

Products Affected
No products.
CWE