← back
CVE-2024-22836

CVE-2024-22836

CVSS 9.8 CRITICALEPSS 30.0%CWE-78
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 30.0%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
08 Feb 2024Published on NVD
10 Mar 2024Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/51870unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://akaunting.com/https://github.com/akaunting/akaunting/releases/tag/3.1.4https://github.com/u32i/cve/tree/main/CVE-2024-22836