CVE-2021-36800 in Akaunting
Zusammenfassung
von MITRE • 05.08.2021
Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.