Vulnerabilities > Apache > Fineract
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-11 | CVE-2018-11800 | SQL Injection vulnerability in Apache Fineract SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. | 9.8 |
2018-04-20 | CVE-2018-1292 | SQL Injection vulnerability in Apache Fineract Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter. | 8.1 |
2018-04-20 | CVE-2018-1291 | SQL Injection vulnerability in Apache Fineract Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. | 8.1 |
2018-04-20 | CVE-2018-1290 | SQL Injection vulnerability in Apache Fineract In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. | 9.8 |
2018-04-20 | CVE-2018-1289 | SQL Injection vulnerability in Apache Fineract In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. | 8.8 |
2017-12-14 | CVE-2017-5663 | SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. | 8.8 |