CVE-2024-58293

Vulnerability Description

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.

Related Weaknesses (CWE)

CWE-1336

References

https://akaunting.com/forum
https://www.exploit-db.com/exploits/52030
https://www.softaculous.com/apps/erp/Akaunting
https://www.vulncheck.com/advisories/akaunting-server-side-template-injection-vi

FAQ

What is CVE-2024-58293?

CVE-2024-58293 is a documented vulnerability. Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject tem...

How severe is CVE-2024-58293?

CVSS scoring is not yet available for CVE-2024-58293. Check NVD for updates.

Is there a patch for CVE-2024-58293?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.