CVE-2009-4045
Published Nov 20, 2009
Last updated 15 years ago
Overview
- Description
- Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D960EE9-9570-4AD6-9E59-D3A86DCA53D7",
"versionEndIncluding": "2.1.6"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C37539D1-729E-498A-825E-B1B0D0AF6D75"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1660E02B-2461-4E9F-A4AF-03314FBA102F"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01BF1047-33D4-4CC8-BF62-9F68DA2315EA"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEBE05A1-22D7-43F0-B19E-BDE611B9A4D2"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86191646-E5C1-40A6-A41E-95057E182AA3"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD6DFBA1-53A4-4E58-A7BB-659F883BB3F6"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03848CEE-215A-46A4-8083-F1D749D7BDA5"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9542D25-071D-4706-8846-AB7F0D0868B5"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCC0D9A7-3FC4-4E00-8E02-5B0D0947A4BD"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB733D44-24AB-4FE0-8B0E-73AC2BDC6CAE"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.0:beta_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A1C2818-5B30-49D5-82B2-91849BE760B0"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.0:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B75313EA-C5D6-453C-9A12-7BC1F1A217AA"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6730538F-C3B7-4225-AB85-8308B16B0818"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74AA0164-181D-4B1F-9AC8-E46330F877BE"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35155DDF-48A3-4986-BB9C-6A7C5E1C5747"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65899469-E873-448E-AB9F-20711F9F3286"
},
{
"criteria": "cpe:2.3:a:frontaccounting:frontaccounting:2.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E868030C-BA4B-47F7-AE30-F1E844F769DF"
}
],
"operator": "OR"
}
]
}
]