Description
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.19)
WordPress Plugin Maintenance Cross-Site Request Forgery (3.6.4)
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-16651)
WordPress Plugin Online Hotel Booking System Pro Cross-Site Scripting (1.1)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)