FrontAccounting Multiple SQL Injection Vulnerabilities
SECUNIA ADVISORY ID: SA37327
VERIFY ADVISORY: http://secunia.com/advisories/37327/
DESCRIPTION: Multiple vulnerabilities have been reported in FrontAccounting, which can be exploited by malicious people and malicious users to conduct SQL injection attacks.
Input passed via multiple unspecified parameters to various scripts is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are reported in versions prior to 2.1.7.
SOLUTION: Update to version 2.1.7.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php
———————————————————————-