PT-2026-21765 · Finka-Kpr+3 · Finka-Kpr+5
Wojciech Żebrowski · Published 2026-02-24 · Updated 2026-02-25 · CVE-2025-13776
CVSS v4.0: 8.6 (High)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Finka-FK versions prior to 18.5
Finka-KPR versions prior to 16.6
Finka-Płace versions prior to 13.4
Finka-Faktura versions prior to 18.3
Finka-Magazyn versions prior to 8.3
Finka-STW versions prior to 12.3
Description
The Finka software suite contains hard-coded Firebird database credentials that are shared across all instances. An attacker on the local network with knowledge of these default credentials can read and modify the database content.
Recommendations
Update Finka-FK to version 18.5 or later.
Update Finka-KPR to version 16.6 or later.
Update Finka-Płace to version 13.4 or later.
Update Finka-Faktura to version 18.3 or later.
Update Finka-Magazyn to version 8.3 or later.
Update Finka-STW to version 12.3 or later.
Fix
Using Hardcoded Credentials
Affected Products
Finka-Fk
Finka-Faktura
Finka-Kpr
Finka-Magazyn
Finka-Płace
Finka-Stw