FrontAccounting Multiple SQL injection vulnerabilities

21st July 2014

Date of First Release: 05-06-2014

Source: US-CERT/NIST

Systems Affected: FrontAccounting versions below 2.3.21.

Description: Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands on the FrontAccounting database.

Impact: The vulnerabilities could allow:
• unauthorized disclosure of information,
• unauthorized modification, and
• disruption of service.

Solution: FrontAccounting version 2.3.x should be updated to version 2.3.21.

References:

http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3973
