Description

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.

Remediation

References

CVE-2007-4279

Related Vulnerabilities

Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3991)

WordPress Plugin Font Organizer Cross-Site Scripting (2.1.1)

WordPress Plugin Safe Redirect Manager SQL Injection (1.7.7)

WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.5.3.4)

MySQL CVE-2023-22038 Vulnerability (CVE-2023-22038)

Severity

High

Classification

CVE-2007-4279

Tags

Missing Update Known Vulnerabilities