11 matches found
CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
CVE-2026-8193
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
PT-2026-39405
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
Akaunting 代码问题漏洞
Akaunting is an application software developed by Akaunting Company that provides all the tools needed for online fund management. Version 3.1.21 of Akaunting has a code vulnerability; this vulnerability stems from an unknown processing in the Invoice PDF Rendering component’s config/dompdf.php...
CVE-2026-34367
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
CVE-2026-34367
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
CVE-2026-34367
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
CVE-2026-34367
InvoiceShelf (open-source web/mobile app) is affected by a Server-Side Request Forgery (SSRF) in the PDF generation module prior to version 2.2.0. User-supplied HTML in the Notes field is passed unsanitised to the Dompdf renderer, which fetches remote resources referenced in the markup. The vulne...
GHSA-3CPP-FV95-MPR5 Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
Impact This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...
50m-ctf: LFI on Accounting server and RCE on FliteThermostat admin server
Summary: An attacker is able to download local files on the Accounting server due leveraging improper input sanitization in the Invoice PDF generator. In the same fashion an attacker is also able to issue server-side requests on the Accounting server through user-controlled CSS, possibly leading ...