CVE

Id
41480  
CVE No.
CVE-2009-4045  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.  
Phase
Assigned (20091120)  
Votes
None (candidate not yet proposed)  
Comments