Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Frontaccounting Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2007-5117 - Vulnerability Database
Frontaccounting

Frontaccounting Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2007-5117

Critical
Reference: CVE-2007-5117
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-5117
Title: Frontaccounting Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php different vectors than CVE-2007-4279.