Vulnerabilities > Apache > Fineract > 0.4.0.incubating

DATE CVE VULNERABILITY TITLE RISK
2024-03-29 CVE-2024-23537 Unspecified vulnerability in Apache Fineract
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
network
low complexity
apache
8.8
2024-03-29 CVE-2024-23538 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2024-03-29 CVE-2024-23539 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2022-11-29 CVE-2022-44635 Unspecified vulnerability in Apache Fineract
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code.
network
low complexity
apache
8.8
2021-05-27 CVE-2020-17514 Unspecified vulnerability in Apache Fineract
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method.
network
high complexity
apache
7.4
2019-06-11 CVE-2018-11801 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
network
low complexity
apache CWE-89
critical
9.8
2019-06-11 CVE-2018-11800 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
network
low complexity
apache CWE-89
critical
9.8
2017-12-14 CVE-2017-5663 SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries.
network
low complexity
apache CWE-89
8.8