Vulnerability Details CVE-2018-1000890
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-1000890
-
cpe:2.3:a:frontaccounting:frontaccounting:2.4.5