2 matches found
EUVD-2026-44603
A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...
CVE-2026-56287
CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The vulnerability arises from the orderBy and sortOrder parameters being concatenated into a SQL query without sufficient validation, enabling an au...