CVE-2024-22836

Name of the Vulnerable Software and Affected Versions Akaunting versions 3.1.3 and earlier

Description An OS command injection issue exists, allowing an attacker to manipulate the company locale during app installation to execute system commands on the hosting server.

Recommendations For versions 3.1.3 and earlier, update to a version later than 3.1.3 to resolve the issue. As a temporary workaround, consider restricting the ability to install apps or manipulate the company locale to minimize the risk of exploitation.