Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-5663

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2017-5663
  • Apache » Fineract » Version: 0.4.0-incubating
    cpe:2.3:a:apache:fineract:0.4.0-incubating
  • Apache » Fineract » Version: 0.5.0-incubating
    cpe:2.3:a:apache:fineract:0.5.0-incubating
  • Apache » Fineract » Version: 0.6.0-incubating
    cpe:2.3:a:apache:fineract:0.6.0-incubating


Products
Pricing
Contact Us

Shodan ® - All rights reserved