Vulnerabilities > Akaunting > Akaunting > 2.0.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-22836 | OS Command Injection vulnerability in Akaunting An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. | 9.8 |
| 2021-08-04 | CVE-2021-36800 | Code Injection vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. | 9.1 |
| 2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 8.1 |
| 2021-08-04 | CVE-2021-36802 | Unspecified vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. | 6.5 |
| 2021-08-04 | CVE-2021-36803 | Cross-site Scripting vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. | 5.4 |
| 2021-08-04 | CVE-2021-36804 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. | 8.1 |
| 2021-08-04 | CVE-2021-36805 | Cross-site Scripting vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. | 4.8 |