oss-sec mailing list archives

CVE-2023-25196: Apache Fineract: SQL injection vulnerability


From: James Dailey <jdailey () apache org>
Date: Mon, 27 Mar 2023 16:21:03 +0000

Severity: important

Description:

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software 
Foundation Apache Fineract.
Authorized users may be able to change or add data in certain components.  

This issue affects Apache Fineract: from 1.4 through 1.8.2.

Credit:

Zhang Baocheng at Leng Jing Qi Cai Security Lab (reporter)
Aleks () apache org (remediation developer)

References:

https://fineract.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-25196

