Apache Fineract / FINERACT-2051

SQL Injection Vulnerability

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.8.4, 1.9.0
    • Fix Version/s: 1.8.4, 1.9.0
    • Component/s: None
    • Labels: None

    Description

      A blind SQL injection in Apache Fineract was found in the `/recurringdepositaccounts` and `/fixeddepositaccounts` APIs against the orderBy and sortOrder parameters on versions <=1.8.4. Please find the report attached as a PDF for detailed PoCs and code-level remediation.

      SQL-Injection-Vulnerability-Disclosure.pdf

            People

              hagafrank Frank Nkuyahaga
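
One way to constrain the orderBy and sortOrder parameters named in the description, shown as an added example that is neither Fineract's code nor the remediation from the attached report. Column names and ASC/DESC keywords cannot be passed as bind parameters, so the request values are mapped through an allowlist instead of being concatenated into the query; the class name, sort keys and column expressions are assumptions.

```java
import java.util.Locale;
import java.util.Map;

public class SortClauseBuilder {

    // Hypothetical allowlist: API-facing sort keys mapped to fixed SQL column expressions.
    // Only these server-side constants ever reach the SQL text.
    private static final Map<String, String> SORTABLE_COLUMNS = Map.of(
            "id", "sa.id",
            "accountNo", "sa.account_no",
            "status", "sa.status_enum");

    /** Returns an " order by ..." fragment built from constants, or "" when no ordering is requested. */
    public static String build(String orderBy, String sortOrder) {
        boolean hasOrderBy = orderBy != null && !orderBy.isBlank();
        boolean hasSortOrder = sortOrder != null && !sortOrder.isBlank();
        if (!hasOrderBy) {
            if (hasSortOrder) {
                throw new IllegalArgumentException("sortOrder given without orderBy");
            }
            return "";
        }
        String column = SORTABLE_COLUMNS.get(orderBy.trim());
        if (column == null) {
            throw new IllegalArgumentException("Unsupported orderBy value");
        }
        String direction = "ASC";
        if (hasSortOrder) {
            String requested = sortOrder.trim().toUpperCase(Locale.ROOT);
            if (!requested.equals("ASC") && !requested.equals("DESC")) {
                throw new IllegalArgumentException("Unsupported sortOrder value");
            }
            direction = requested;
        }
        return " order by " + column + " " + direction;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid pair, then values outside the allowlist.
        String[][] cases = { {"accountNo", "desc"}, {"not_a_column", "asc"}, {"id", "sideways"} };
        for (String[] c : cases) {
            try {
                System.out.println("accepted:" + build(c[0], c[1]));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```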