Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Fineract

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-11801	1 Apache	1 Fineract	2019-06-11	7.5 HIGH	9.8 CRITICAL
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
CVE-2018-11800	1 Apache	1 Fineract	2019-06-11	7.5 HIGH	9.8 CRITICAL
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
CVE-2018-1290	1 Apache	1 Fineract	2018-05-22	7.5 HIGH	9.8 CRITICAL
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.