Description
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL injection vulnerability in the reference field. An attacker can exploit it through the filterType parameter of void_transaction.php to extract the application's entire database.