Vulnerabilities > Apache > Fineract > 0.1.2

DATE CVE VULNERABILITY TITLE RISK
2024-03-29 CVE-2024-23537 Unspecified vulnerability in Apache Fineract
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
network
low complexity
apache
8.8
2024-03-29 CVE-2024-23538 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2024-03-29 CVE-2024-23539 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2022-11-29 CVE-2022-44635 Unspecified vulnerability in Apache Fineract
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code.
network
low complexity
apache
8.8
2021-05-27 CVE-2020-17514 Unspecified vulnerability in Apache Fineract
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method.
network
high complexity
apache
7.4
2019-06-11 CVE-2018-11801 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
network
low complexity
apache CWE-89
critical
9.8
2019-06-11 CVE-2018-11800 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
network
low complexity
apache CWE-89
critical
9.8