Podatność CVE-2024-22836
Publikacja: 2024-02-08

Opis:
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Akaunting 3.1.3 Remote Command Execution
u32i
11.03.2024

Typ:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 Referencje:
https://github.com/akaunting/akaunting/releases/tag/3.1.4
https://akaunting.com/
https://github.com/u32i/cve/tree/main/CVE-2024-22836
Copyright 2024, cxsecurity.com

 

Back to Top