10 matches found
CVE-2024-23538
CVE-2024-23538 concerns Apache Fineract prior to version 1.8.5, where an SQL Injection can be triggered by improper neutralization in the sqlSearch parameter. The vulnerability stems from unsafely constructed SQL statements, enabling an attacker to view, modify, or delete data in the backend data...
CVE-2022-44635
CVE-2022-44635 affects Apache Fineract up to version 1.8.0. A path traversal vulnerability in the file upload component allows an authenticated user to trigger remote code execution. Impact and exploitability details indicate a network-remote condition with high risk (authenticated with low privi...
CVE-2024-23539
CVE-2024-23539 affects Apache Fineract versions prior to 1.8.5. The issue is an SQL Injection vulnerability arising from improper neutralization of special elements in the sqlSearch parameter of specific endpoints, enabling an attacker to view, add, modify, or delete information in the ba...
CVE-2024-23537
CVE-2024-23537 is an elevation-of-privilege vulnerability in Apache Fineract. Reports describe an improper privilege management issue that, under certain circumstances, could allow users to escalate to any role. Affected versions are listed as earlier than 1.9.0, with 1.9.0 identified as the fix...
CVE-2018-11800
CVE-2018-11800 affects Apache Fineract prior to 1.3.0, enabling SQL injection through a query on the GroupSummaryCounts related table. CVSSv3 base score 9.8 (CRITICAL); CVSSv2 base score 7.5 (HIGH).
CVE-2018-11801
CVE-2018-11801 pertains to Apache Fineract and is an SQL injection vulnerability present in versions before 1.3.0, allowing an attacker to execute arbitrary SQL commands via a query on a center-related table. The issue is documented across multiple sources (NVD entry and CNVD/OSV entries) with con...
CVE-2020-17514
Apache Fineract up to version 1.5.0 disables HTTPS hostname verification in ProcessorHelper.configureClient; because the server's hostname is not checked against its certificate, a man-in-the-middle attack on the connection becomes possible. This affects the client-communication security path and is documented across multiple sources (e.g., RH security pages and CVE...
CVE-2025-23408
CVE-2025-23408 concerns Apache Fineract and is described as a Weak Password Requirements vulnerability. Affected versions are listed as through 1.10.1, with a fix in 1.11.0. Upgrading to the latest release (1.13.0) is advised. The root cause is a weak password policy that could undermine authenti...
CVE-2025-58137
CVE-2025-58137 describes an Authorization Bypass via a User-Controlled Key in Apache Fineract (IDOR). Affected product: Apache Fineract up to 1.11.0; fixed in 1.12.1, with guidance to upgrade to 1.13.0. Root cause per CNVD: insecure direct object reference (IDOR) leading to authorization bypass. ...
CVE-2025-58130
Apache Fineract is affected by an Insufficiently Protected Credentials vulnerability up to version 1.11.0. The issue is fixed in 1.12.1, and users are advised to upgrade to 1.13.0 (latest release). The primary public details indicate credential exposure risk but do not describe specific exploitat...