← back
CVE-2024-58293

Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields

CVSS 8.6 HIGHEPSS 0.3%CWE-1336
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Akaunting · Akaunting

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://akaunting.com/forumhttps://www.exploit-db.com/exploits/52030https://www.softaculous.com/apps/erp/Akauntinghttps://www.vulncheck.com/advisories/akaunting-server-side-template-injection-via-multiple-form-fields