Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720)

Description

includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.

Remediation

References

CVE-2019-5720

Related Vulnerabilities

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2891)

Apache HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)

WordPress Plugin Page-list Cross-Site Scripting (5.2)

MySQL CVE-2019-2617 Vulnerability (CVE-2019-2617)

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-23793)

Severity

Critical

Classification

CVE-2019-5720 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H