Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache fineract 0.4.0-incubating vulnerabilities and exploits

(subscribe to this query)
578
VMScore
CVE-2017-5663
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitiz...
Apache Fineract 0.4.0-incubatingApache Fineract 0.5.0-incubatingApache Fineract 0.6.0-incubating
490
VMScore
CVE-2018-1292
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
Apache Fineract 0.4.0Apache Fineract 0.5.0Apache Fineract 0.6.0Apache Fineract 1.0.0
668
VMScore
CVE-2018-1290
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCo...
Apache Fineract 0.4.0Apache Fineract 0.5.0Apache Fineract 0.6.0Apache Fineract 1.0.0
490
VMScore
CVE-2018-1291
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'ord...
Apache Fineract 0.4.0Apache Fineract 0.5.0Apache Fineract 0.6.0Apache Fineract 1.0.0
578
VMScore
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statem...
Apache Fineract 0.4.0Apache Fineract 0.5.0Apache Fineract 0.6.0Apache Fineract 1.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook