4 matches found
K21536299: Apache Fineract vulnerabilities CVE-2018-1289, CVE-2018-1290, and CVE-2018-1292
Security Advisory Description CVE-2018-1289 In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL...
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft...
CVE-2018-1289
Summary: CVE-2018-1289 affects Apache Fineract up to 1.0.0 and older 0.x-incubating releases. The vulnerability arises because REST endpoints expose domain entities with query parameters orderBy and sortOrder that are appended directly into SQL statements. This allows a hacker to craft the parame...
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft...