CVE-2018-1290

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.6%

top 30.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Fineract Apache Fineract

Timeline

PublishedApr 20

Latest updateMay 14

Description

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDapache/fineract4 versions+3

▶CVEListV5apache_software_foundation/apache_fineract4 versions+3

🔴Vulnerability Details

GHSA

GHSA-6f7f-7xqp-mrqg: In Apache Fineract versions 1↗2022-05-14

▶

CVEList

CVE-2018-1290: In Apache Fineract versions 1↗2018-04-20

▶