FrontAccounting Multiple SQL Injection Vulnerabilities

Summary
This host is running FrontAccounting and is prone to multiple SQL Injection vulnerabilities.
Impact
Successful exploitation will allow attackers to access and modify the backend database by conducting SQL injection attacks.
Impact Level: Application
Solution
Upgrade to FrontAccounting version 2.1.7: http://frontaccounting.net/wb3/pages/download.php
Insight
Input passed via multiple unspecified parameters to various scripts is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Affected
FrontAccounting versions prior to 2.1.7