A vulnerability has been found in FrontAccounting up to 2.4.19 and classified as critical . Affected is an unknown function of the component POST Parameter Handler . The manipulation of the argument PARAM_0 leads to sql injection. This vulnerability is referenced as CVE-2026-40522 . Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.