Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Akaunting OS Command Injection in 'Money.php'
Vulnerability Description
Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Akaunting 代码注入漏洞
Vulnerability Description
Akaunting是Akaunting公司的一个应用软件提供一个在线管理资金所需的所有工具。 Akaunting 2.1.12及之前版本存在代码注入漏洞,该漏洞源于应用程序的Money.php组件中包含一个PHP可调用函数的items[0][price]。该问题已在2.1.13版本中修复。
CVSS Information
N/A
Vulnerability Type
N/A