Description

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.

Remediation

References

CVE-2018-1000890

Related Vulnerabilities

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4066)

Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207)

Jboss EAP Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-3805)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.17)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Request Forgery (10.4.1.1)

Severity

High

Classification

CVE-2018-1000890 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities