Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields
Vulnerability Description
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.
CVSS Information
N/A
Vulnerability Type
CWE-1336
Vulnerability Title
Akaunting 安全漏洞
Vulnerability Description
Akaunting是Akaunting公司的一个应用软件提供一个在线管理资金所需的所有工具。 Akaunting 3.1.8版本存在安全漏洞,该漏洞源于多个表单输入字段存在服务器端模板注入,可能导致执行模板表达式。
CVSS Information
N/A
Vulnerability Type
N/A