CSV Injection Vulnerability in Akaunting <= 2.0.9: Arbitrary Code Execution via Item Name Field
CVE-2020-22390 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.
Learn more about our Web Application Penetration Testing UK.