oss-sec mailing list archives
CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls
From: James Dailey <jdailey () apache org>
Date: Mon, 27 Mar 2023 16:21:18 +0000
Severity: moderate Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2. Credit: Eugene Lim at Cyber Security Group (CSG) Government Technology Agency GOVTECH.sg (reporter) aleks () apache org (remediation developer) References: https://fineract.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-25197
Current thread:
- CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls James Dailey (Mar 27)