Lucene search
K

134 matches found

NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.11 views

CVE-2026-40521

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.8CVSS0.00627EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:30 p.m.8 views

EUVD-2026-40083

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.8CVSS6.6AI score0.00627EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:30 p.m.34 views

CVE-2026-40521 FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.8CVSS0.00627EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 12:30 p.m.6 views

CVE-2026-40521 FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.8CVSS6.6AI score0.00627EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:30 p.m.21 views

CVE-2026-40521

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler. Authenticated attackers can upload files with traversal sequences in the unique_name parameter (eg ../../../shell.php) to write outside the attachments directory into the web root, enabling rem...

8.8CVSS6.6AI score0.00627EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40081

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 12:29 p.m.33 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 12:29 p.m.9 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:29 p.m.21 views

CVE-2026-40522

FrontAccounting

7.1CVSS6AI score0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40080

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 12:29 p.m.17 views

CVE-2026-40523

CVE-2026-40523 affects FrontAccounting

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:29 p.m.35 views

CVE-2026-40523 FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 12:29 p.m.9 views

CVE-2026-40523 FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:27 p.m.6 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score0.00276EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 12:27 p.m.19 views

CVE-2026-40524

CVE-2026-40524 affects FrontAccounting

8.1CVSS6AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 12:27 p.m.6 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score0.00276EPSS
Exploits0References4
Rows per page
Query Builder