VULHUB ™

FrontAccounting (FA) 2.1.7之前版本中存在多个SQL注入漏洞。远程攻击者可以借助提交到(1)reporting/,(2)sales/,(3)sales/includes/,(4)sales/includes/db/,(5)sales/inquiry/,(6)sales/manage/,(7)sales/view/,(8)taxes/和(9)taxes/db/中不同的.inc和.php文件的未明参数，执行任意的SQL指令。

FrontAccounting (FA) 2.1.7之前版本中存在多个SQL注入漏洞。远程攻击者可以借助提交到(1)reporting/,(2)sales/,(3)sales/includes/,(4)sales/includes/db/,(5)sales/inquiry/,(6)sales/manage/,(7)sales/view/,(8)taxes/和(9)taxes/db/中不同的.inc和.php文件的未明参数，执行任意的SQL指令。