PT-2023-10007 · Unknown · Fanzila Webfinance

Published: 2023-02-03 · Updated: 2024-05-17 · CVE-2013-10018

CVSS v2.0: 5.2 (Medium)

Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: fanzila WebFinance version 0.5

Description: A critical issue was found in the file htdocs/prospection/save_contact.php, where manipulation of the arguments nom, prenom, email, tel, mobile, client, fonction, and note leads to SQL injection.

Recommendations: For fanzila WebFinance version 0.5, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider restricting access to the save_contact.php file until a patch is available. Avoid using the arguments nom, prenom, email, tel, mobile, client, fonction, and note in the affected functionality until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2013-10018

Affected Products: Fanzila Webfinance