Vulnerabilities > Apache > Fineract > 1.0.0

DATE CVE VULNERABILITY TITLE RISK
2024-03-29 CVE-2024-23537 Unspecified vulnerability in Apache Fineract
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
network
low complexity
apache
8.8
2024-03-29 CVE-2024-23538 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2024-03-29 CVE-2024-23539 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8
2022-11-29 CVE-2022-44635 Unspecified vulnerability in Apache Fineract
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code.
network
low complexity
apache
8.8
2021-05-27 CVE-2020-17514 Unspecified vulnerability in Apache Fineract
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method.
network
high complexity
apache
7.4
2020-10-13 CVE-2018-20243 Insufficiently Protected Credentials vulnerability in Apache Fineract
The implementation of POST with the username and password in the URL parameters exposed the credentials.
network
low complexity
apache CWE-522
7.5
2019-06-11 CVE-2018-11801 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
network
low complexity
apache CWE-89
critical
9.8
2019-06-11 CVE-2018-11800 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
network
low complexity
apache CWE-89
critical
9.8
2018-04-20 CVE-2018-1292 SQL Injection vulnerability in Apache Fineract
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
network
low complexity
apache CWE-89
8.1
2018-04-20 CVE-2018-1291 SQL Injection vulnerability in Apache Fineract
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements.
network
low complexity
apache CWE-89
8.1