FrontAccounting < 2.4.20 SQL Injection via rep601.php_CVE-2026-40522

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output.

Basic Information

ID CVE-2026-40522

Source VulnCheck

Published Jun 29, 2026 at 12:29

Modified Jun 29, 2026 at 13:42

Affected Product

Vendor FrontAccounting

Product FrontAccounting

Affected Versions FrontAccounting FrontAccounting 0

CWE Classification

CWE-89 CWE-916

References

{
    "lastseen": "",
    "description": "FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output.",
    "published": "2026-06-29T12:29:40.825Z",
    "modified": "2026-06-29T13:42:36.862Z",
    "type": "cve",
    "title": "FrontAccounting < 2.4.20 SQL Injection via rep601.php",
    "source": "VulnCheck",
    "references": "https://jivasecurity.com/writeups/frontaccounting-sqli-bank-statement-report-cve-2026-40522\nhttps://sourceforge.net/p/frontaccounting/news/2026/04/release-2420/\nhttps://github.com/FrontAccountingERP/FA/commit/894adaf71393e0ef6a04fe6036fcd2464050f590\nhttps://www.vulncheck.com/advisories/frontaccounting-sql-injection-via-rep601-php",
    "id": "CVE-2026-40522",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-916"
    ],
    "cvelist": null,
    "sourceData": "FrontAccounting FrontAccounting 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FrontAccounting",
    "version": "0",
    "vendor": "FrontAccounting",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}