EUVD-2024-55338

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

CVE-2024-58293

CVE-2024-58293 affects Akaunting 3.1.8 with a server-side template injection vulnerability. Authenticated administrators can inject template expressions into multiple form fields (items, taxes, transactions, vendor name), enabling arithmetic operations and string manipulations. Public sources in ...