CVE-2020-22390

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-22390

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-22390.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-22390

Published

2021-06-21T15:15:08.027Z

Modified

2026-03-14T10:20:30.487036Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

References

https://cqinfo.la/csv-injection-in-akaunting/

Affected packages

Git / github.com/akaunting/akaunting

Affected ranges

Type

GIT

Repo

https://github.com/akaunting/akaunting

Events

Introduced

Last affected

070ca937d36871af53b4e341099825bbc6968d5a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.9"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.10

1.1.11

1.1.12

1.1.13

1.1.14

1.1.15

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.0rc

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0

1.3.0rc

1.3.0rc2

1.3.0rc3

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.15

1.3.16

1.3.17

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-22390.json"