A vulnerability was found in FrontAccounting up to 2.4.19 and classified as critical . Affected by this vulnerability is an unknown functionality. The manipulation of the argument PARAM_2/PARAM_3 results in sql injection. This vulnerability is identified as CVE-2026-40523 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.