Fineract Security Vulnerabilities and Issues — Fineract CVE List

Lucene search

ApacheFineract

6 matches found

CVE•added 2025/02/12 10:15 a.m.•87 views

CVE-2024-32838

SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter. Users are recommended to upgrade to vers...

9.4CVSS7.7AI score0.00031EPSS

CVE•added 2024/03/29 3:15 p.m.•63 views

CVE-2024-23538

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract:

9.9CVSS9.9AI score0.00141EPSS

CVE•added 2024/03/29 3:15 p.m.•55 views

CVE-2024-23539

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract:

9.8CVSS9.3AI score0.00383EPSS

CVE•added 2019/06/11 5:29 p.m.•48 views

CVE-2018-11800

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

9.8CVSS9.8AI score0.03316EPSS

CVE•added 2019/06/11 5:29 p.m.•40 views

CVE-2018-11801

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.

9.8CVSS9.8AI score0.03316EPSS

CVE•added 2018/04/20 6:29 p.m.•35 views

CVE-2018-1290

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of Makerchec...

9.8CVSS9.7AI score0.00617EPSS