Fineract@* Security Vulnerabilities and Issues — Fineract@* CVE List

Lucene search

ApacheFineract*

7 matches found

CVE•added 2024/03/29 3:15 p.m.•65 views

CVE-2024-23538

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract:

9.9CVSS9.9AI score0.00192EPSS

CVE•added 2024/03/29 3:15 p.m.•57 views

CVE-2024-23539

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract:

9.8CVSS9.3AI score0.0052EPSS

CVE•added 2022/11/29 3:15 p.m.•54 views

CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upg...

8.8CVSS9AI score0.55677EPSS

CVE•added 2024/03/29 3:15 p.m.•54 views

CVE-2024-23537

Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract:

8.8CVSS8.6AI score0.00073EPSS

CVE•added 2019/06/11 5:29 p.m.•49 views

CVE-2018-11800

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

9.8CVSS9.8AI score0.03316EPSS

CVE•added 2019/06/11 5:29 p.m.•41 views

CVE-2018-11801

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.

9.8CVSS9.8AI score0.03316EPSS

CVE•added 2021/05/27 12:15 p.m.•36 views

CVE-2020-17514

Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.

7.4CVSS7.3AI score0.01087EPSS