177 matches found
CVE-2024-23537 Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue...
CVE-2024-23537
CVE-2024-23537 is an elevation-of-privilege vulnerability in Apache Fineract . Reports describe an improper privilege management issue that, under certain circumstances, could allow users to escalate to any role. Affected versions are listed as earlier than 1.9.0, with 1.9.0 identified as the fix...
CVE-2024-23537 Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue...
CVE-2024-23538 Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...
CVE-2024-23538
CVE-2024-23538 concerns Apache Fineract prior to version 1.8.5, where an SQL Injection can be triggered by improper neutralization in the sqlSearch parameter. The vulnerability stems from unsafely constructed SQL statements, enabling an attacker to view, modify, or delete data in the backend data...
CVE-2024-23538 Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...
CVE-2024-23538 Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...
CVE-2024-23539 Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...
CVE-2024-23539 Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...
CVE-2024-23539
CVE-2024-23539 affects Apache Fineract up to version 1.8.5 (pre-1.8.5). The issue is an SQL Injection vulnerability arising from improper neutralization of special elements in the sqlSearch parameter of specific endpoints, enabling an attacker to view, add, modify, or delete information in the ba...
CVE-2024-23539 Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...
Apache Fineract SQL注入漏洞
Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...
Apache Fineract SQL注入漏洞
Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...
PT-2024-19927 · Apache · Apache Fineract
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.8.5 Apache Fineract version 1.9.0 is the fixed version, so all versions prior to 1.9.0 are affected, but since 1.8.5 is the last affected version, the correct statement is: Apache Fineract versions prior to...
PT-2024-19928 · Apache · Apache Fineract
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.8.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. Users are advised t...
Apache Fineract 安全漏洞
Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an elevatio...
The vulnerability of the Apache Fineract digital financial services platform, related to the lack of protection for the SQL query structure, allows attackers to gain access to read, modify, or delete data.
The vulnerability of the Apache Fineract digital financial services platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain read, modify, or delete access to data...
Apache Fineract SQL Injection Vulnerability (CNVD-2023-23557)
Apache Fineract is an open source digital financial services platform from the Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other features. Apache Fineract versions 1.4 to 1.8.3 have a SQL injection...
Apache Fineract Server Request Forgery Vulnerability
Apache Fineract is an open source system for platformizing core banking systems. A reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...
CVE-2023-25195
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...