CVE-2009-4037

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.1.7 FrontAccounting versions 2.2.x prior to 2.2 RC

Description The issue allows remote attackers to execute arbitrary SQL commands via unspecified parameters to various files under different directories, including admin/, dimensions/, gl/, inventory/, manufacturing/, and purchasing/. This is achieved through multiple SQL injection vulnerabilities.

Recommendations For FrontAccounting versions prior to 2.1.7, update to version 2.1.7 or later. For FrontAccounting versions 2.2.x prior to 2.2 RC, update to 2.2 RC or later. As a temporary workaround, consider restricting access to the affected files under the admin/, dimensions/, gl/, inventory/, manufacturing/, and purchasing/ directories until a patch is available.