📦 Akaunting

This CVE describes an OS command injection vulnerability in Akaunting v3.1.3 and earlier that allows attackers to execute arbitrary system commands on the hosting server by manipulating the company lo...

CVE-2021-36800 is a code injection vulnerability in Akaunting accounting software that allows remote attackers to execute arbitrary PHP code by sending specially crafted POST requests to invoice endpo...

CVE-2020-22390 is a CSV injection vulnerability in Akaunting accounting software that allows attackers to inject malicious formulas into exported CSV files. When victims open these crafted files in sp...

An authenticated attacker can send a specially crafted POST request to the /settings/localisation endpoint in Akaunting v3.1.18, causing a Denial of Service (DoS) that makes the application unavailabl...

This cross-site scripting vulnerability in Akaunting v3.1.18 allows attackers to inject malicious scripts into the name parameter of the /common/reports component. When exploited, it enables execution...