Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.
References
Link | Resource |
---|---|
https://cqinfo.la/csv-injection-in-akaunting/ | Exploit Third Party Advisory URL Repurposed |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-21T14:02:56
Updated: 2021-06-21T14:02:56
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-22390
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-21T15:15:08.027
Modified: 2024-02-14T01:17:43.863
Link: CVE-2020-22390
JSON object: View
Redhat Information
No data.
CWE