CVE-2024-58293

UNKNOWN 0.0

Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.

CWE	CWE-1336
Vendor	akaunting
Product	akaunting
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for akaunting akaunting

Be the first to know when new unknown vulnerabilities affecting akaunting akaunting are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Akaunting / Akaunting

3.1.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52030 akaunting.com: https://akaunting.com/forum softaculous.com: https://www.softaculous.com/apps/erp/Akaunting vulncheck.com: https://www.vulncheck.com/advisories/akaunting-server-side-template-injection-via-multiple-form-fields

Credits

tmrswrr