CSV Injection Vulnerability in Akaunting <= 2.0.9: Arbitrary Code Execution via Item Name Field

CVE-2020-22390 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

Learn more about our Web Application Penetration Testing UK.