Описание
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-4037
- http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php
- http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php
- http://secunia.com/advisories/37327
- http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download
- http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download
- http://www.vupen.com/english/advisories/2009/3223
Связанные уязвимости
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.