CVE-2007-3345

Name of the Vulnerable Software and Affected Versions PHPAccounts version 0.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the index.php file, specifically via the Outgoing Type ID, Outgoing ID, Project ID, Client ID, Invoice ID, or Vendor ID parameters.

Recommendations For PHPAccounts version 0.5, consider restricting access to the index.php file until a patch is available, and avoid using the parameters Outgoing Type ID, Outgoing ID, Project ID, Client ID, Invoice ID, or Vendor ID in the affected API endpoint to minimize the risk of exploitation.