akaunting akaunting vulnerabilities and exploits
NA
CVE-2024-22836
An OS command injection vulnerability exists in Akaunting v3.1.3 and previous versions. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
Akaunting Akaunting
801
VMScore
CVE-2021-36800
Akaunting version 2.1.12 and previous versions suffer from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issu...
Akaunting Akaunting
490
VMScore
CVE-2021-36801
Akaunting version 2.1.12 and previous versions suffer from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product.
Akaunting Akaunting
356
VMScore
CVE-2021-36802
Akaunting version 2.1.12 and previous versions suffer from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product.
Akaunting Akaunting
312
VMScore
CVE-2021-36803
Akaunting version 2.1.12 and previous versions suffer from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product.
Akaunting Akaunting
516
VMScore
CVE-2021-36804
Akaunting version 2.1.12 and previous versions suffer from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in versio...
Akaunting Akaunting
312
VMScore
CVE-2021-36805
Akaunting version 2.1.12 and previous versions suffer from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product.
Akaunting Akaunting
312
VMScore
CVE-2020-20908
Akaunting v1.3.17 contains a stored cross-site scripting (XSS) vulnerability which allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
Akaunting Akaunting
605
VMScore
CVE-2020-22390
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.
Akaunting Akaunting