N/A

Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.

N/A

N/A

FrontAccounting 未明参数SQL注入漏洞

FrontAccounting (FA) 2.1.7之前版本中存在多个SQL注入漏洞。远程攻击者可以借助提交到(1)reporting/,(2)sales/,(3)sales/includes/,(4)sales/includes/db/,(5)sales/inquiry/,(6)sales/manage/,(7)sales/view/,(8)taxes/和(9)taxes/db/中不同的.inc和.php文件的未明参数，执行任意的SQL指令。

N/A

N/A