Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache fineract 1.0.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statem...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
9.8
CVSSv3
CVE-2018-1290
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCo...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
8.1
CVSSv3
CVE-2018-1291
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'ord...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
8.1
CVSSv3
CVE-2018-1292
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started