CVE-2009-4045

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.1.7

Description The issue allows remote attackers to execute arbitrary SQL commands via unspecified parameters to various files in different directories, including reporting, sales, and taxes. This can potentially lead to unauthorized data access or modification.

Recommendations For versions prior to 2.1.7, update to version 2.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected directories and files, such as those in reporting/, sales/, sales/includes/, sales/includes/db/, sales/inquiry/, sales/manage/, sales/view/, taxes/, and taxes/db/, to minimize the risk of exploitation.