Volerion logoVolerion
Volerion logoVolerion

Akaunting Denial-of-Service Vulnerability in the Localisation Settings Component

Vulnerability

A denial-of-service vulnerability has been identified in Akaunting versions through 3.1.19. This issue allows authenticated attackers to disrupt service by sending a crafted POST request to the 'settings/localisation' component. The vulnerability arises from the application not properly validating the 'timezone' value before applying it, which can lead to a 500 Internal Server Error.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application fails to respond properly and instead returns a 500 Internal Server Error.

Reproduction

To reproduce this vulnerability, log into an affected Akaunting application and navigate to the 'settings/localisation' page. Once there, modify the 'timezone' field by entering a non-existent or incorrect value, and then save the changes. After refreshing the page, a 500 Internal Server Error will be displayed, indicating that the denial-of-service condition has been triggered.

Remediation

Users can upgrade to Akaunting version 3.1.19 or later to address this vulnerability.

Added: Aug 21, 2025, 5:30 PM
Updated: Aug 21, 2025, 7:21 PM

Vulnerability Rating

Custom Algorithm
spread
3.1
impact
2.5
exploitability
6.6
remediation
7.7
relevance
0.4
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.