Vulnerability Details CVE-2024-23538
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.
Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.9%
CVSS Severity
CVSS v3 Score 9.9
References
- http://www.openwall.com/lists/oss-security/2024/03/29/2
- https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
- https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
- http://www.openwall.com/lists/oss-security/2024/03/29/2
- https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
- https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
Products affected by CVE-2024-23538
-
cpe:2.3:a:apache:fineract:-
-
cpe:2.3:a:apache:fineract:0.1.2
-
cpe:2.3:a:apache:fineract:0.3.1
-
cpe:2.3:a:apache:fineract:0.3.2
-
cpe:2.3:a:apache:fineract:0.4.0
-
cpe:2.3:a:apache:fineract:0.4.0-incubating
-
cpe:2.3:a:apache:fineract:0.5.0
-
cpe:2.3:a:apache:fineract:0.5.0-incubating
-
cpe:2.3:a:apache:fineract:0.6.0
-
cpe:2.3:a:apache:fineract:0.6.0-incubating
-
cpe:2.3:a:apache:fineract:1.0.0
-
cpe:2.3:a:apache:fineract:1.1.0
-
cpe:2.3:a:apache:fineract:1.2.0
-
cpe:2.3:a:apache:fineract:1.3.0
-
cpe:2.3:a:apache:fineract:1.4.0
-
cpe:2.3:a:apache:fineract:1.5.0
-
cpe:2.3:a:apache:fineract:1.6.0
-
cpe:2.3:a:apache:fineract:1.7.0
-
cpe:2.3:a:apache:fineract:1.7.1
-
cpe:2.3:a:apache:fineract:1.7.2
-
cpe:2.3:a:apache:fineract:1.7.3
-
cpe:2.3:a:apache:fineract:1.8.0
-
cpe:2.3:a:apache:fineract:1.8.1
-
cpe:2.3:a:apache:fineract:1.8.2
-
cpe:2.3:a:apache:fineract:1.8.3
-
cpe:2.3:a:apache:fineract:1.8.4