SQL Injection Vulnerability in Apache Fineract by REST API Query Parameters
CVE-2018-1289
8.8HIGH
What is CVE-2018-1289?
Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, and 0.4.0-incubating are susceptible to SQL Injection through improperly handled REST API query parameters 'orderBy' and 'sortOrder'. This vulnerability allows unauthorized users to manipulate SQL statements directly, potentially enabling them to read or modify sensitive data beyond their authorized access.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Apache Fineract 1.0.0
Apache Fineract 0.6.0-incubating
Apache Fineract 0.5.0-incubating
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved