CVE-2017-5663
N/A
N/A
Summary
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Fineract | 0.4.0-incubating | affected |
| Apache Software Foundation | Apache Fineract | 0.5.0-incubating | affected |
| Apache Software Foundation | Apache Fineract | 0.6.0-incubating | affected |
Weaknesses
- SQL Injection Vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.