CVE-2009-4045 Information

Description

Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.

Reference

http://frontaccounting.net/wb3/pages/posts/2.1.7-security-release103.php
http://secunia.com/advisories/37327
http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.1.7/frontaccount-2.1.7.tar.gz/download
http://www.vupen.com/english/advisories/2009/3223
