GHSA-8ccm-j5hq-9jhr
FrontAccounting versions before 2.4.20 have a SQL injection vulnerability in the Audit Trail report handler. Authenticated users with SA_GLANALYTIC permission can inject malicious SQL code via the PARAM_2 and PARAM_3 POST parameters. This vulnerability allows execution of arbitrary SQL queries, enabling data extraction or denial of service through amplified time-based blind SQL injection using SLEEP() functions.
AI Analysis
Technical Summary
The vulnerability in FrontAccounting prior to version 2.4.20 is a SQL injection flaw located in the Audit Trail report handler. Attackers with authenticated access and SA_GLANALYTIC permission can exploit this by injecting SQL commands into the PARAM_2 and PARAM_3 POST parameters. Exploitation methods include UNION-based injections to extract arbitrary database content and time-based blind SQL injections using SLEEP() functions that are amplified across JOIN result sets, potentially causing denial of service by exhausting database connections.
Potential Impact
Successful exploitation allows attackers to execute arbitrary SQL queries on the database, leading to unauthorized data disclosure or denial of service conditions by exhausting database connections. This compromises the confidentiality and availability of the affected system's data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to users with SA_GLANALYTIC permission and monitor usage of the Audit Trail report handler for suspicious activity.
GHSA-8ccm-j5hq-9jhr
Description
FrontAccounting versions before 2.4.20 have a SQL injection vulnerability in the Audit Trail report handler. Authenticated users with SA_GLANALYTIC permission can inject malicious SQL code via the PARAM_2 and PARAM_3 POST parameters. This vulnerability allows execution of arbitrary SQL queries, enabling data extraction or denial of service through amplified time-based blind SQL injection using SLEEP() functions.
CVSS v4.0
Affected software
pkg:github/frontaccountingerp/FARun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in FrontAccounting prior to version 2.4.20 is a SQL injection flaw located in the Audit Trail report handler. Attackers with authenticated access and SA_GLANALYTIC permission can exploit this by injecting SQL commands into the PARAM_2 and PARAM_3 POST parameters. Exploitation methods include UNION-based injections to extract arbitrary database content and time-based blind SQL injections using SLEEP() functions that are amplified across JOIN result sets, potentially causing denial of service by exhausting database connections.
Potential Impact
Successful exploitation allows attackers to execute arbitrary SQL queries on the database, leading to unauthorized data disclosure or denial of service conditions by exhausting database connections. This compromises the confidentiality and availability of the affected system's data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to users with SA_GLANALYTIC permission and monitor usage of the Audit Trail report handler for suspicious activity.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-8ccm-j5hq-9jhr
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-40523"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a42ed5027e9c797199361c7
Added to database: 06/29/2026, 22:10:24 UTC
Last enriched: 06/29/2026, 22:29:12 UTC
Last updated: 06/30/2026, 01:31:14 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.