exploitDog

GHSA-5h74-7w4c-g92x

Опубликовано: 08 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

Ссылки

EPSS

Процентиль: 97%

0.32659

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2024-22836

CVSS3: 9.8

nvd

почти 2 года назад

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

EPSS

Процентиль: 97%

0.32659

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78