PT-2025-50747 · Akaunting · Akaunting
Tmrswrr · Published 2025-12-11 · Updated 2025-12-12 · CVE-2024-58293
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Akaunting version 3.1.8
Description
Akaunting version 3.1.8 is affected by a server-side template injection issue. Authenticated administrators can inject template expressions into several form input fields, including those for items, taxes, transactions, and vendor names. This allows attackers to perform arithmetic operations and string manipulations by injecting template payloads.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Akaunting