oss-sec mailing list archives
CVE-2023-25196: Apache Fineract: SQL injection vulnerability
From: James Dailey <jdailey () apache org>
Date: Mon, 27 Mar 2023 16:21:03 +0000
Severity: important Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2. Credit: Zhang Baocheng at Leng Jing Qi Cai Security Lab (reporter) Aleks () apache org (remediation developer) References: https://fineract.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-25196
Current thread:
- CVE-2023-25196: Apache Fineract: SQL injection vulnerability James Dailey (Mar 27)