CVE-2024-23539

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.7%

top 28.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Fineract Apache Software Foundation Apache Fineract

Timeline

PublishedMar 29

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:HExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

▶NVDapache/fineract< 1.9.0

▶CVEListV5apache_software_foundation/apache_fineract1.8.4

🔴Vulnerability Details

CVEList

Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database quer↗2024-03-29

▶

GHSA

GHSA-p2vw-f9rr-2m2r: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract↗2024-03-29

▶