CVE-2020-22390

HIGH

Akaunting <= 2.0.9 - Code Injection

Title source: llm

Description

Akaunting <= 2.0.9 is vulnerable to CSV injection through the Item name field in the export function. An attacker can inject arbitrary code into the name parameter, and that code executes when the crafted file is opened.

Scores

CVSS v3: 8.8
EPSS: 0.0079
EPSS Percentile: 73.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-1236
Status: published
Products (1): akaunting/akaunting < 2.0.9
Published: Jun 21, 2021
Tracked Since: Feb 18, 2026