7 matches found
EUVD-2026-44603
A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...
CVE-2026-56287
CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The vulnerability arises from the orderBy and sortOrder parameters being concatenated into a SQL query without sufficient validation, enabling an au...
CVE-2026-56287 Apache Fineract: Boolean SQL Injection in Client Search API (orderBy parameter) leading to Local File Disclosure
A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...
CVE-2024-51209
Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...
CVE-2024-51209
The CVE describes Cross-Site Scripting (XSS) in Anuj Kumar’s Client Management System Version 1.2. The vulnerability affects the search input fields on the admin search invoices page and the client search invoices page, allowing an attacker to inject arbitrary web script or HTML. Technical contex...
CVE-2024-22719
SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...
Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library
Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...