CVE-2009-4045

critical

Description

Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.

References

http://www.vupen.com/english/advisories/2009/3223

http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download

http://secunia.com/advisories/37327

http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php

Details

Source: Mitre, NVD

Published: 2009-11-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00397