Detections
Analytics
CVE-2024-58293
high
Description
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.
References
https://www.softaculous.com/apps/erp/Akaunting
Details
Published: 2025-12-11
Updated: 2025-12-12
Risk Information
CVSS v2
Base Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: Medium
CVSS v3
Base Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: High
CVSS v4
Base Score: 8.6
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity: High
EPSS
EPSS: 0.00043