Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
26 vulnerabilities by frontaccounting
CVE-2014-125080 (GCVE-0-2014-125080)
Vulnerability from cvelistv5 – Published: 2023-01-16 17:58 – Updated: 2024-08-06 14:10
VLAI
Title
frontaccounting faplanet path traversal
Summary
A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability.
Severity
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-22 - Path Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.218398 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.218398 | signaturepermissions-required |
| https://github.com/frontaccounting/faplanet/commi… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| frontaccounting | faplanet |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.218398"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.218398"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "faplanet",
"vendor": "frontaccounting",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In frontaccounting faplanet wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion. Durch Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T06:50:50.954Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.218398"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.218398"
},
{
"tags": [
"patch"
],
"url": "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-02-07T19:38:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "frontaccounting faplanet path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125080",
"datePublished": "2023-01-16T17:58:03.453Z",
"dateReserved": "2023-01-15T17:43:13.592Z",
"dateUpdated": "2024-08-06T14:10:56.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-21244 (GCVE-0-2020-21244)
Vulnerability from cvelistv5 – Published: 2020-09-30 14:06 – Updated: 2024-08-04 14:22
VLAI
Summary
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/FrontAccountingERP/FA/issues/40 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T14:06:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/40"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FrontAccountingERP/FA/issues/40",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/40"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21244",
"datePublished": "2020-09-30T14:06:32.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:22:25.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5720 (GCVE-0-2019-5720)
Vulnerability from cvelistv5 – Published: 2019-01-08 10:00 – Updated: 2024-09-17 03:02
VLAI
Summary
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/FrontAccountingERP/FA/issues/38 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FrontAccountingERP/FA/issues/38",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5720",
"datePublished": "2019-01-08T10:00:00.000Z",
"dateReserved": "2019-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:37.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000890 (GCVE-0-2018-1000890)
Vulnerability from cvelistv5 – Published: 2018-12-27 18:00 – Updated: 2024-09-16 22:01
VLAI
Summary
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46037 | exploitx_refsource_EXPLOIT-DB |
| https://github.com/FrontAccountingERP/FA/issues/37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter \"filterType\" in /attachments.php that can allow the attacker to grab the entire database of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-27T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-26T20:07:07.997267",
"DATE_REQUESTED": "2018-12-24T15:36:52",
"ID": "CVE-2018-1000890",
"REQUESTER": "sainadhjamalpur@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter \"filterType\" in /attachments.php that can allow the attacker to grab the entire database of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46037"
},
{
"name": "https://github.com/FrontAccountingERP/FA/issues/37",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000890",
"datePublished": "2018-12-27T18:00:00.000Z",
"dateReserved": "2018-12-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:32.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7176 (GCVE-0-2018-7176)
Vulnerability from cvelistv5 – Published: 2018-02-16 04:00 – Updated: 2024-08-05 06:24
VLAI
Summary
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44137/ | exploitx_refsource_EXPLOIT-DB |
| https://securitywarrior9.blogspot.in/2018/02/cros… | x_refsource_MISC |
Date Public
2018-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44137",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44137/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the \"add user\" feature of the User Permissions page)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-18T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44137",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44137/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the \"add user\" feature of the User Permissions page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44137",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44137/"
},
{
"name": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html",
"refsource": "MISC",
"url": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7176",
"datePublished": "2018-02-16T04:00:00.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3973 (GCVE-0-2014-3973)
Vulnerability from cvelistv5 – Published: 2014-06-05 17:00 – Updated: 2024-09-17 04:20
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://frontaccounting.com/wb3/pages/posts/releas… | x_refsource_CONFIRM |
| http://sourceforge.net/p/frontaccounting/mercuria… | x_refsource_CONFIRM |
| http://secunia.com/advisories/58848 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e"
},
{
"name": "58848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-05T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e"
},
{
"name": "58848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php"
},
{
"name": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e"
},
{
"name": "58848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3973",
"datePublished": "2014-06-05T17:00:00.000Z",
"dateReserved": "2014-06-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:41.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3740 (GCVE-0-2011-3740)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-17 00:01
VLAI
Summary
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3740",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:50.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4045 (GCVE-0-2009-4045)
Vulnerability from cvelistv5 – Published: 2009-11-20 19:00 – Updated: 2024-09-16 19:34
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37327 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/2.1.7-… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3223 | vdb-entryx_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37327"
},
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4045",
"datePublished": "2009-11-20T19:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:34:58.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4037 (GCVE-0-2009-4037)
Vulnerability from cvelistv5 – Published: 2009-11-20 19:00 – Updated: 2024-09-16 23:15
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37327 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/releas… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/2.1.7-… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3223 | vdb-entryx_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37327"
},
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4037",
"datePublished": "2009-11-20T19:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:21.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4046 (GCVE-0-2009-4046)
Vulnerability from cvelistv5 – Published: 2009-11-20 19:00 – Updated: 2024-09-16 17:28
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/releas… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3223 | vdb-entryx_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4046",
"datePublished": "2009-11-20T19:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:28:23.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5148 (GCVE-0-2007-5148)
Vulnerability from cvelistv5 – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24 Disputed
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://arfis.wordpress.com/2007/09/14/rfi-02-fron… | x_refsource_MISC |
| http://osvdb.org/45524 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:40.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "45524",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "45524",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45524"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "45524",
"refsource": "OSVDB",
"url": "http://osvdb.org/45524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5148",
"datePublished": "2007-10-01T00:00:00.000Z",
"dateReserved": "2007-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:40.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5117 (GCVE-0-2007-5117)
Vulnerability from cvelistv5 – Published: 2007-09-27 17:00 – Updated: 2024-08-07 15:17
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://arfis.wordpress.com/2007/09/14/rfi-02-fron… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26962 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25812 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4456 | exploitx_refsource_EXPLOIT-DB |
Date Public
2007-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "frontaccounting-pathtoroot-file-include(36796)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36796"
},
{
"name": "26962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26962"
},
{
"name": "25812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25812"
},
{
"name": "4456",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "frontaccounting-pathtoroot-file-include(36796)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36796"
},
{
"name": "26962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26962"
},
{
"name": "25812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25812"
},
{
"name": "4456",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "frontaccounting-pathtoroot-file-include(36796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36796"
},
{
"name": "26962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26962"
},
{
"name": "25812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25812"
},
{
"name": "4456",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5117",
"datePublished": "2007-09-27T17:00:00.000Z",
"dateReserved": "2007-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:28.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4279 (GCVE-0-2007-4279)
Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI
Summary
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://arfis.wordpress.com/2007/09/14/rfi-02-fron… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26350 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/4269 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/36431 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/2809 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/25229 | vdb-entryx_refsource_BID |
Date Public
2007-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "fa-config-file-include(35873)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35873"
},
{
"name": "26350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26350"
},
{
"name": "4269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4269"
},
{
"name": "36431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36431"
},
{
"name": "ADV-2007-2809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2809"
},
{
"name": "25229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "fa-config-file-include(35873)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35873"
},
{
"name": "26350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26350"
},
{
"name": "4269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4269"
},
{
"name": "36431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36431"
},
{
"name": "ADV-2007-2809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2809"
},
{
"name": "25229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25229"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "fa-config-file-include(35873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35873"
},
{
"name": "26350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26350"
},
{
"name": "4269",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4269"
},
{
"name": "36431",
"refsource": "OSVDB",
"url": "http://osvdb.org/36431"
},
{
"name": "ADV-2007-2809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2809"
},
{
"name": "25229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4279",
"datePublished": "2007-08-09T21:00:00.000Z",
"dateReserved": "2007-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-125080 (GCVE-0-2014-125080)
Vulnerability from nvd – Published: 2023-01-16 17:58 – Updated: 2024-08-06 14:10
VLAI
Title
frontaccounting faplanet path traversal
Summary
A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability.
Severity
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-22 - Path Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.218398 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.218398 | signaturepermissions-required |
| https://github.com/frontaccounting/faplanet/commi… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| frontaccounting | faplanet |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.218398"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.218398"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "faplanet",
"vendor": "frontaccounting",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In frontaccounting faplanet wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion. Durch Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T06:50:50.954Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.218398"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.218398"
},
{
"tags": [
"patch"
],
"url": "https://github.com/frontaccounting/faplanet/commit/a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-02-07T19:38:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "frontaccounting faplanet path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125080",
"datePublished": "2023-01-16T17:58:03.453Z",
"dateReserved": "2023-01-15T17:43:13.592Z",
"dateUpdated": "2024-08-06T14:10:56.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-21244 (GCVE-0-2020-21244)
Vulnerability from nvd – Published: 2020-09-30 14:06 – Updated: 2024-08-04 14:22
VLAI
Summary
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/FrontAccountingERP/FA/issues/40 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T14:06:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/40"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FrontAccountingERP/FA/issues/40",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/40"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21244",
"datePublished": "2020-09-30T14:06:32.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:22:25.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5720 (GCVE-0-2019-5720)
Vulnerability from nvd – Published: 2019-01-08 10:00 – Updated: 2024-09-17 03:02
VLAI
Summary
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/FrontAccountingERP/FA/issues/38 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-08T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FrontAccountingERP/FA/issues/38",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5720",
"datePublished": "2019-01-08T10:00:00.000Z",
"dateReserved": "2019-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:37.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000890 (GCVE-0-2018-1000890)
Vulnerability from nvd – Published: 2018-12-27 18:00 – Updated: 2024-09-16 22:01
VLAI
Summary
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46037 | exploitx_refsource_EXPLOIT-DB |
| https://github.com/FrontAccountingERP/FA/issues/37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter \"filterType\" in /attachments.php that can allow the attacker to grab the entire database of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-27T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FrontAccountingERP/FA/issues/37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-26T20:07:07.997267",
"DATE_REQUESTED": "2018-12-24T15:36:52",
"ID": "CVE-2018-1000890",
"REQUESTER": "sainadhjamalpur@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter \"filterType\" in /attachments.php that can allow the attacker to grab the entire database of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46037"
},
{
"name": "https://github.com/FrontAccountingERP/FA/issues/37",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000890",
"datePublished": "2018-12-27T18:00:00.000Z",
"dateReserved": "2018-12-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:32.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7176 (GCVE-0-2018-7176)
Vulnerability from nvd – Published: 2018-02-16 04:00 – Updated: 2024-08-05 06:24
VLAI
Summary
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44137/ | exploitx_refsource_EXPLOIT-DB |
| https://securitywarrior9.blogspot.in/2018/02/cros… | x_refsource_MISC |
Date Public
2018-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44137",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44137/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the \"add user\" feature of the User Permissions page)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-18T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44137",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44137/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the \"add user\" feature of the User Permissions page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44137",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44137/"
},
{
"name": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html",
"refsource": "MISC",
"url": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-front.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7176",
"datePublished": "2018-02-16T04:00:00.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3973 (GCVE-0-2014-3973)
Vulnerability from nvd – Published: 2014-06-05 17:00 – Updated: 2024-09-17 04:20
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://frontaccounting.com/wb3/pages/posts/releas… | x_refsource_CONFIRM |
| http://sourceforge.net/p/frontaccounting/mercuria… | x_refsource_CONFIRM |
| http://secunia.com/advisories/58848 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e"
},
{
"name": "58848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-05T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e"
},
{
"name": "58848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php"
},
{
"name": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e"
},
{
"name": "58848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3973",
"datePublished": "2014-06-05T17:00:00.000Z",
"dateReserved": "2014-06-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:41.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3740 (GCVE-0-2011-3740)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-17 00:01
VLAI
Summary
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3740",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:50.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4046 (GCVE-0-2009-4046)
Vulnerability from nvd – Published: 2009-11-20 19:00 – Updated: 2024-09-16 17:28
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/releas… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3223 | vdb-entryx_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4046",
"datePublished": "2009-11-20T19:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:28:23.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4045 (GCVE-0-2009-4045)
Vulnerability from nvd – Published: 2009-11-20 19:00 – Updated: 2024-09-16 19:34
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37327 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/2.1.7-… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3223 | vdb-entryx_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37327"
},
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4045",
"datePublished": "2009-11-20T19:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:34:58.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4037 (GCVE-0-2009-4037)
Vulnerability from nvd – Published: 2009-11-20 19:00 – Updated: 2024-09-16 23:15
VLAI
Summary
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37327 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://sourceforge.net/projects/frontaccounting/f… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/releas… | x_refsource_CONFIRM |
| http://frontaccounting.net/wb3/pages/posts/2.1.7-… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3223 | vdb-entryx_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37327"
},
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download"
},
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4037",
"datePublished": "2009-11-20T19:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:21.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5148 (GCVE-0-2007-5148)
Vulnerability from nvd – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24 Disputed
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://arfis.wordpress.com/2007/09/14/rfi-02-fron… | x_refsource_MISC |
| http://osvdb.org/45524 | vdb-entryx_refsource_OSVDB |
Date Public
2007-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:40.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "45524",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "45524",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45524"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "45524",
"refsource": "OSVDB",
"url": "http://osvdb.org/45524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5148",
"datePublished": "2007-10-01T00:00:00.000Z",
"dateReserved": "2007-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:40.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5117 (GCVE-0-2007-5117)
Vulnerability from nvd – Published: 2007-09-27 17:00 – Updated: 2024-08-07 15:17
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://arfis.wordpress.com/2007/09/14/rfi-02-fron… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26962 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25812 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4456 | exploitx_refsource_EXPLOIT-DB |
Date Public
2007-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "frontaccounting-pathtoroot-file-include(36796)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36796"
},
{
"name": "26962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26962"
},
{
"name": "25812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25812"
},
{
"name": "4456",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "frontaccounting-pathtoroot-file-include(36796)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36796"
},
{
"name": "26962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26962"
},
{
"name": "25812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25812"
},
{
"name": "4456",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "frontaccounting-pathtoroot-file-include(36796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36796"
},
{
"name": "26962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26962"
},
{
"name": "25812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25812"
},
{
"name": "4456",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5117",
"datePublished": "2007-09-27T17:00:00.000Z",
"dateReserved": "2007-09-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:28.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4279 (GCVE-0-2007-4279)
Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI
Summary
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://arfis.wordpress.com/2007/09/14/rfi-02-fron… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26350 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/4269 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/36431 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/2809 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/25229 | vdb-entryx_refsource_BID |
Date Public
2007-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "fa-config-file-include(35873)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35873"
},
{
"name": "26350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26350"
},
{
"name": "4269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4269"
},
{
"name": "36431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36431"
},
{
"name": "ADV-2007-2809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2809"
},
{
"name": "25229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "fa-config-file-include(35873)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35873"
},
{
"name": "26350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26350"
},
{
"name": "4269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4269"
},
{
"name": "36431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36431"
},
{
"name": "ADV-2007-2809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2809"
},
{
"name": "25229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25229"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccounting/"
},
{
"name": "fa-config-file-include(35873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35873"
},
{
"name": "26350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26350"
},
{
"name": "4269",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4269"
},
{
"name": "36431",
"refsource": "OSVDB",
"url": "http://osvdb.org/36431"
},
{
"name": "ADV-2007-2809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2809"
},
{
"name": "25229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4279",
"datePublished": "2007-08-09T21:00:00.000Z",
"dateReserved": "2007-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}