Vulnerabilities > Apache > Fineract

DATE CVE VULNERABILITY TITLE RISK
2019-06-11 CVE-2018-11800 SQL Injection vulnerability in Apache Fineract
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
network
low complexity
apache CWE-89
critical
9.8
2018-04-20 CVE-2018-1292 SQL Injection vulnerability in Apache Fineract
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL by way of the 'reportName' parameter to read/update data for which he doesn't have authorization.
network
low complexity
apache CWE-89
8.1
2018-04-20 CVE-2018-1291 SQL Injection vulnerability in Apache Fineract
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST endpoints to query domain-specific entities with a query parameter 'orderBy' whose value is appended directly to SQL statements.
network
low complexity
apache CWE-89
8.1
2018-04-20 CVE-2018-1290 SQL Injection vulnerability in Apache Fineract
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, using a single quotation escape with two continuous SQL parameters can cause a SQL injection.
network
low complexity
apache CWE-89
critical
9.8
2018-04-20 CVE-2018-1289 SQL Injection vulnerability in Apache Fineract
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST endpoints to query domain-specific entities with the query parameters 'orderBy' and 'sortOrder', whose values are appended directly to SQL statements.
network
low complexity
apache CWE-89
8.8
2017-12-14 CVE-2017-5663 SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries.
network
low complexity
apache CWE-89
8.8