Vulnerabilities > Apache > Fineract > 1.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-04-20 CVE-2018-1290 SQL Injection vulnerability in Apache Fineract
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection.
network
low complexity
apache CWE-89
critical
 9.8
9.8
2018-04-20 CVE-2018-1289 SQL Injection vulnerability in Apache Fineract
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements.
network
low complexity
apache CWE-89
8.8
8.8