Description
Multiple Finka programs use hard-coded Firebird database credentials that are shared across all instances of this software. An attacker on the local network who knows the default credentials can read and edit database content. This vulnerability has been fixed in versions: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3.
Problem types
CWE-798 Use of Hard-coded Credentials
Product status
Finka-FK: any version before 18.5
Finka-KPR: any version before 16.6
Finka-Płace: any version before 13.4
Finka-Faktura: any version before 18.3
Finka-Magazyn: any version before 8.3
Finka-STW: any version before 12.3
Credits
Wojciech Żebrowski (Wern128)
References
cert.pl/en/posts/2026/01/CVE-2025-13776
finka.pl/