Php Accounts: Security Vulnerabilities
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-06-22
Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter.
CVSS Score
7.8
EPSS Score
0.032
Published
2007-06-22