Description
FrontAccounting 2.4.5 contains a time-based blind SQL injection vulnerability in the "filterType" parameter of /attachments.php that can allow an attacker to extract the application's entire database.
Remediation
References