Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache fineract vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-11801
SQL injection vulnerability in Apache Fineract prior to 1.3.0 allows malicious users to execute arbitrary SQL commands via a query on a m_center data related table.
Apache Fineract
490
VMScore
CVE-2018-1292
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
578
VMScore
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statem...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
668
VMScore
CVE-2018-1290
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCo...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
490
VMScore
CVE-2018-1291
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'ord...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
578
VMScore
CVE-2017-5663
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitiz...
Apache Fineract 0.4.0-incubating
Apache Fineract 0.5.0-incubating
Apache Fineract 0.6.0-incubating
578
VMScore
CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the valu...
Pivotal Spring Security Oauth 2.0.4
Pivotal Spring Security Oauth 2.0.3
Pivotal Spring Security Oauth 1.0.2
Pivotal Spring Security Oauth 1.0.4
Pivotal Spring Security Oauth 2.0.6
Pivotal Spring Security Oauth 2.0.5
Pivotal Spring Security Oauth 1.0.3
Pivotal Spring Security Oauth 2.0.9
Pivotal Spring Security Oauth 1.0.1
Pivotal Spring Security Oauth 2.0.0
Pivotal Spring Security Oauth 1.0.5
Pivotal Spring Security Oauth 2.0.2
Pivotal Spring Security Oauth 2.0.8
Pivotal Spring Security Oauth 2.0.7
Pivotal Spring Security Oauth 2.0.1
Pivotal Spring Security Oauth 1.0.0
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2