CVE-2024-58293

High CVSS: 8.6

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.

Vendor

Product

CWE

CWE-1336

Yayın Tarihi

2025-12-11 22:15:50

Güncelleme

2025-12-12 15:17:31

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1336 HIGH 2025

Referanslar

https://akaunting.com/forum https://www.exploit-db.com/exploits/52030 https://www.softaculous.com/apps/erp/Akaunting https://www.vulncheck.com/advisories/akaunting-server-side-template-injection-via-multiple-form-fields