Vulnerabilities > Apache > Fineract > 0.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-29 | CVE-2024-23537 | Unspecified vulnerability in Apache Fineract Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 8.8 |
| 2024-03-29 | CVE-2024-23538 | Unspecified vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |
| 2024-03-29 | CVE-2024-23539 | Unspecified vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |
| 2022-11-29 | CVE-2022-44635 | Unspecified vulnerability in Apache Fineract Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. | 8.8 |
| 2021-05-27 | CVE-2020-17514 | Unspecified vulnerability in Apache Fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. | 7.4 |
| 2019-06-11 | CVE-2018-11801 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. | 9.8 |
| 2019-06-11 | CVE-2018-11800 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | 9.8 |