Description
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
Remediation
References
Related Vulnerabilities
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-23498)
WordPress Plugin OnePress Social Locker Multiple Cross-Site Scripting Vulnerabilities (4.2.0)
WordPress Plugin WP Gravity Forms Zendesk Cross-Site Scripting (1.0.7)
Jboss EAP Improper Input Validation Vulnerability (CVE-2013-2185)