← Zuruck zu CVEs
CVE-2024-22836
CRITICAL9.8
Beschreibung
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/8/2024
Zuletzt geandert6/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
akaunting:akaunting
Schwachen (CWE)
CWE-78CWE-78
Referenzen
https://akaunting.com/(cve@mitre.org)
https://github.com/akaunting/akaunting/releases/tag/3.1.4(cve@mitre.org)
https://github.com/u32i/cve/tree/main/CVE-2024-22836(cve@mitre.org)
https://akaunting.com/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/akaunting/akaunting/releases/tag/3.1.4(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/u32i/cve/tree/main/CVE-2024-22836(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.