CVE-2024-23538

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 50.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Fineract Apache Fineract

Timeline

PublishedMar 29

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:LExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶NVDapache/fineract< 1.9.0

▶CVEListV5apache_software_foundation/apache_fineract< 1.8.5

🔴Vulnerability Details

GHSA

GHSA-x73g-5x4f-9mqr: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract↗2024-03-29

▶

CVEList

Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.↗2024-03-29

▶