Описание
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:frontaccounting:frontaccounting:2.4.5:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00604
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.5
debian
около 7 лет назад
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulner ...
CVSS3: 7.5
github
больше 3 лет назад
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
EPSS
Процентиль: 69%
0.00604
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89