CVE-2023-25196 Apache Fineract: SQL injection vulnerability

2023-03-2811:16:57

CWE-89

apache

www.cve.org

cve-2023-25196

apache fineract

sql injection

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation Apache Fineract.
Authorized users may be able to change or add data in certain components.

This issue affects Apache Fineract: from 1.4 through 1.8.2.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Apache Fineract",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.8.2",
        "status": "affected",
        "version": "1.4",
        "versionType": "semver"
      }
    ]
  }
]

References

lists.apache.org/thread/m9x3vpn3bry4fympkzxnnz4qx0oc0w8m