PT-2023-10005 · Unknown · Fanzila Webfinance
Cyril-Bouthors
·
Published
2023-02-03
·
Updated
2024-05-17
·
CVE-2013-10016
CVSS v2.0
5.2
Medium
| Vector | AV:A/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
fanzila WebFinance version 0.5
Description
A critical issue affects the processing of the file htdocs/admin/save taxes.php, where the manipulation of the
id argument leads to sql injection.Recommendations
For fanzila WebFinance version 0.5, apply the patch 306f170ca2a8203ae3d8f51fb219ba9e05b945e1 to fix this issue. As a temporary workaround, consider restricting access to the
htdocs/admin/save taxes.php file until the patch is applied.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fanzila Webfinance