Lucene search
+L

34 matches found

NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:29 p.m.24 views

CVE-2026-40522

FrontAccounting

7.1CVSS6AI score0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.8 views

EUVD-2026-40081

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:29 p.m.34 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 12:29 p.m.10 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 12:29 p.m.4 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6.2AI score0.00148EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53269

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data. By injecting UNION SELECT payloads into the PARAM 0 POST paramete...

7.1CVSS6AI score0.00148EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-17283

Malware in sbrugna...

8.8CVSS8.6AI score0.0213EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-41414

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00301EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-32699

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.6 views

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

5.3CVSS7.1AI score0.00301EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.4 views

CVE-2024-4138

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application...

4.3CVSS7.4AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2025/03/11 1:15 a.m.23 views

CVE-2025-27433

The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...

4.3CVSS0.00252EPSS
Exploits0References2
CVE
CVE
added 2025/03/11 12:39 a.m.62 views

CVE-2025-27436

CVE-2025-27436 affects SAP S/4HANA: Manage Bank Statements allows an authenticated user to delete the attachment of a posted bank statement due to missing access-control checks. Impact is low on integrity with no confidentiality or availability impact. Root cause described as insufficient authori...

4.3CVSS7AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.4 views

SAP S/4HANA 安全漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from bypassing a functionality restriction that could result in uploading files to a reverse bank statement...

4.3CVSS6.6AI score0.00252EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/10/24 12:0 a.m.11 views

The vulnerability of the Manage Bank Statement Handler component of the SAP S/4HANA software platform allows a malicious individual to gain access to modify or delete files.

The vulnerability of the Manage Bank Statement Handler component in the SAP S/4HANA software platform is related to the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify...

4.3CVSS5.5AI score0.00301EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/10/08 4:15 a.m.16 views

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

5.3CVSS0.00301EPSS
Exploits0References2
OSV
OSV
added 2024/10/08 4:15 a.m.9 views

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.10 views

PT-2024-7173 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA affected versions not specified Description: The issue is related to the Manage Bank Statement Handler component of the SAP S/4HANA platform. It is caused by the lack of a mechanism to prevent unintended changes to resources when...

5.3CVSS6.8AI score0.00301EPSS
Exploits0References9
Rows per page
Query Builder