exploitDog

CVE-2020-22390

Опубликовано: 21 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

Ссылки

https://cqinfo.la/csv-injection-in-akaunting/
Exploit
Third Party Advisory
URL Repurposed
https://cqinfo.la/csv-injection-in-akaunting/
Exploit
Third Party Advisory
URL Repurposed

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:akaunting:akaunting:*:*:*:*:*:*:*:*

Версия до 2.0.9 (включая)

EPSS

Процентиль: 73%

0.00789

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-jg4q-mprj-p635

github

больше 3 лет назад

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

EPSS

Процентиль: 73%

0.00789

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236