Filtered by vendor Frontaccounting
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000890 | 1 Frontaccounting | 1 Frontaccounting | 2019-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | |||||
| CVE-2018-7176 | 1 Frontaccounting | 1 Frontaccounting | 2018-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | |||||