Description

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.

Remediation

References

CVE-2018-1000890

Related Vulnerabilities

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36238)

Drupal Core 8.7.x Cross-Site Scripting (8.7.0 - 8.7.11)

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)

GlassFish Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-7182)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3383)

Severity

High

Classification

CVE-2018-1000890 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities