oss-sec mailing list archives

CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls


From: James Dailey <jdailey () apache org>
Date: Mon, 27 Mar 2023 16:21:18 +0000

Severity: moderate

Description:

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract.
Authorized users may be able to exploit this for limited impact on components.

This issue affects apache fineract: from 1.4 through 1.8.2.

Credit:

Eugene Lim at Cyber Security Group (CSG) Government Technology Agency GOVTECH.sg (reporter)
aleks () apache org (remediation developer)

References:

https://fineract.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-25197

