CVE-2026-40521
FrontAccounting FrontAccounting 취약점
- 대응 우선순위
- 점검
- CVSS
- 8.7
- EPSS
- 0.63% 백분위 45.5% · 2026.06.30 기준
- CISA KEV
- 미등록
- 조치 기한
- -
- 공개일
- 2026.06.29
CVSS 위험도가 높아 영향 여부를 우선 점검할 취약점
FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the unique_name parameter. Attackers can supply path traversal sequences ../../../shell.php to write files outside the intended attachments directory into the web root, and by uploading PHP files without extension validation, achieve remote code execution as the web server user.
공급사 FrontAccounting
제품 FrontAccounting
영향 버전 0
수정 버전 공식 출처에서 확인 필요
CVSS 벡터 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE CWE-22
EPSS 데이터 기준일 2026.06.30