Skip to main content

FrontAccounting CVE-2026-40522

| EUVDEUVD-2026-40081 HIGH
SQL Injection (CWE-89)
2026-06-29 VulnCheck GHSA-53v3-ffpm-f9hw
7.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Network-reachable report endpoint with low complexity but requires an authenticated low-privilege account (PR:L); high confidentiality from full DB read, limited integrity, no availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:N/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 29, 2026 - 14:23 vuln.today

DescriptionCVE.org

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output.

AnalysisAI

SQL injection in FrontAccounting before 2.4.20 allows authenticated attackers to extract arbitrary database contents by injecting UNION SELECT payloads into the PARAM_0 POST parameter of the Bank Statement report handler (rep601.php). Attackers with valid low-privilege accounts can dump usernames, password hashes, and email addresses from the users table, with results rendered into the generated PDF report. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege account
Delivery
Open Bank Statement report
Exploit
Inject UNION SELECT into PARAM_0
Execution
SQL executes via unparameterized WHERE
Persist
Users table data rendered into PDF
Impact
Exfiltrate hashes and emails

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated FrontAccounting session with access to the Bank Statement report feature (the rep601.php handler) - the CVSS PR:L confirms a valid low-privilege account is needed, so this is not anonymously exploitable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely consistent and point to a genuine but access-gated risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege FrontAccounting account (or stolen credentials) navigates to the Bank Statement report, then submits a crafted POST request injecting a UNION SELECT payload into the PARAM_0 parameter. The injected query pulls usernames, password hashes, and email addresses from the users table, which are rendered into the generated PDF report and read back by the attacker. …
Remediation Upgrade to FrontAccounting 2.4.20 or later, which contains the fix (Vendor-released patch: 2.4.20; release notes at https://sourceforge.net/p/frontaccounting/news/2026/04/release-2420/ and source commit https://github.com/FrontAccountingERP/FA/commit/894adaf71393e0ef6a04fe6036fcd2464050f590). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all FrontAccounting deployments and their versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-40522 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy