CVE-2026-40522 | FrontAccounting up to 2.4.19 POST Parameter PARAM_0 sql injection

Inserito da Angelo Barbosa | Giu 29, 2026 | CVE

A vulnerability has been found in FrontAccounting up to 2.4.19 and classified as critical. Affected is an unknown function of the component POST Parameter Handler. The manipulation of the argument PARAM_0 leads to sql injection.

This vulnerability is referenced as CVE-2026-40522. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.

CVE-2026-40522 | FrontAccounting up to 2.4.19 POST Parameter PARAM_0 sql injection

Post correlati

CVE-2016-15038 | NUUO NVRmini 2 up to 3.0.8 /deletefile.php filename path traversal (Exploit 40214)

CVE-2025-9360 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/accessControlAdd ruleName/schedule stack-based overflow

CVE-2025-4493 | Devolutions Server up to 2024.3.15.0/2025.1.7.0 PAM JIT Request privileges assignment (DEVO-2025-0008)

CVE-2025-46070 | Automai BotManager 25.2.0 BotManager.exe privilege escalation