CVE-2009-4037 Information
Description
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 and 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
Reference
http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php
http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php
http://secunia.com/advisories/37327
http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download
http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.220RC/frontaccount-2.2RC.tar.gz/download
http://www.vupen.com/english/advisories/2009/3223