← back
CVE-2024-22836

CVE-2024-22836

CVSS 9.8 CRITICALEPSS 30.0%CWE-78
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/51870unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://akaunting.com/https://github.com/akaunting/akaunting/releases/tag/3.1.4https://github.com/u32i/cve/tree/main/CVE-2024-22836