Frontaccounting · Frontaccounting · CVE-2019-5720
**Name of the Vulnerable Software and Affected Versions**
FrontAccounting version 2.4.6
**Description**
FrontAccounting 2.4.6 contains a SQL injection vulnerability in the handling of the `reference` field in `includes/db/class.reflines_db.inc`. It is reachable through the `filterType` parameter of `void_transaction.php`, and successful exploitation can give an attacker access to the entire application database.
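The description names the bug class (a request parameter that selects a record type being spliced into a query) but the page carries no code. The following is an added, hypothetical PHP illustration of that pattern beside its hardened form; it is not FrontAccounting's code, and the function names, the `reflines` table, and the sample type values are assumptions.

```php
<?php
// Added illustration, not FrontAccounting's code. The function names,
// the 'reflines' table and the sample type values below are hypothetical.

// --- Vulnerable pattern: an untrusted selector concatenated into SQL ---
function get_reflines_unsafe(mysqli $db, string $filterType): array
{
    // $filterType arrives straight from the request; any quote or operator
    // it contains becomes part of the statement text.
    $sql = "SELECT id, reference FROM reflines WHERE trans_type = '" . $filterType . "'";
    $rows = [];
    $result = $db->query($sql);
    if ($result !== false) {
        while ($row = $result->fetch_assoc()) {
            $rows[] = $row;
        }
        $result->free();
    }
    return $rows;
}

// --- Hardened pattern: allowlist the selector, then bind it as data ---

// Constructed sample values: a type selector is a closed set, so the
// accepted values can be enumerated up front.
const ALLOWED_FILTER_TYPES = ['0', '1', '2', '4'];

function is_valid_filter_type(string $filterType): bool
{
    // Strict comparison so "1 OR 1=1" or "1.0" never matches "1".
    return in_array($filterType, ALLOWED_FILTER_TYPES, true);
}

function get_reflines_safe(mysqli $db, string $filterType): array
{
    // 1. Reject anything outside the allowlist before it reaches the DB layer.
    if (!is_valid_filter_type($filterType)) {
        throw new InvalidArgumentException('unsupported filterType');
    }
    // 2. Bind the value rather than concatenating it, so the query text is
    //    fixed at prepare time and the parameter is sent separately as data.
    $stmt = $db->prepare('SELECT id, reference FROM reflines WHERE trans_type = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $filterType);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage (assumes a reachable MySQL instance holding a 'reflines' table):
// $db = new mysqli('localhost', 'dbuser', 'dbpass', 'frontaccounting');
// $filterType = $_GET['filterType'] ?? '';
// $rows = get_reflines_safe($db, $filterType);
```

The allowlist check and the bound parameter are independent layers: the allowlist stops unexpected input at the application boundary, and binding guarantees that even an allowlisted value can only ever be interpreted as data.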
**Recommendations**
For FrontAccounting version 2.4.6, as a temporary workaround, restrict access to the `void_transaction.php` file and to its `filterType` parameter to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.