Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache fineract 1.0.0 vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-1292
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
8.8
CVSSv3
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statem...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
9.8
CVSSv3
CVE-2018-1290
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCo...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
8.1
CVSSv3
CVE-2018-1291
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'ord...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
8.8
CVSSv3
CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the valu...
Pivotal Spring Security Oauth 2.0.4
Pivotal Spring Security Oauth 2.0.3
Pivotal Spring Security Oauth 1.0.2
Pivotal Spring Security Oauth 1.0.4
Pivotal Spring Security Oauth 2.0.6
Pivotal Spring Security Oauth 2.0.5
Pivotal Spring Security Oauth 1.0.3
Pivotal Spring Security Oauth 2.0.9
Pivotal Spring Security Oauth 1.0.1
Pivotal Spring Security Oauth 2.0.0
Pivotal Spring Security Oauth 1.0.5
Pivotal Spring Security Oauth 2.0.2
Pivotal Spring Security Oauth 2.0.8
Pivotal Spring Security Oauth 2.0.7
Pivotal Spring Security Oauth 2.0.1
Pivotal Spring Security Oauth 1.0.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started