PT-2026-21765 · Finka-Kpr+3 · Finka-Kpr+5

Wojciech Żebrowski · Published 2026-02-24 · Updated 2026-02-25 · CVE-2025-13776

CVSS v4.0: 8.6 (High)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Finka-FK versions prior to 18.5
Finka-KPR versions prior to 16.6
Finka-Płace versions prior to 13.4
Finka-Faktura versions prior to 18.3
Finka-Magazyn versions prior to 8.3
Finka-STW versions prior to 12.3

Description

The Finka software suite contains hard-coded Firebird database credentials that are shared across all instances. An attacker on the local network with knowledge of these default credentials can read and modify the database content.

Recommendations

Update Finka-FK to version 18.5 or later.
Update Finka-KPR to version 16.6 or later.
Update Finka-Płace to version 13.4 or later.
Update Finka-Faktura to version 18.3 or later.
Update Finka-Magazyn to version 8.3 or later.
Update Finka-STW to version 12.3 or later.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2025-13776

Affected Products

Finka-Fk
Finka-Faktura
Finka-Kpr
Finka-Magazyn
Finka-Płace
Finka-Stw