2 matches found
K21536299: Apache Fineract vulnerabilities CVE-2018-1289, CVE-2018-1290, and CVE-2018-1292
Security Advisory Description CVE-2018-1289 In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL...
CVE-2018-1292
Apache Fineract exposes an SQL injection in getReportType across multiple versions (1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating) via the reportName parameter, enabling a potentially authenticated attacker to read or update data without authorization. The root cause is improper han...