CVE-2017-5663 is a vulnerability in Apache Fineract
Published on December 14, 2017

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.

NVD

Products Associated with CVE-2017-5663

Want to know whenever a new CVE is published for Apache Fineract? stack.watch will email you.

Apache Fineract

Affected Versions

Apache Software Foundation Apache Fineract:

Version 0.4.0-incubating is affected.
Version 0.5.0-incubating is affected.
Version 0.6.0-incubating is affected.

Exploit Probability

EPSS

0.19%

Percentile

41.28%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-5663 is a vulnerability in Apache FineractPublished on December 14, 2017

Products Associated with CVE-2017-5663

Affected Versions

Exploit Probability

CVE-2017-5663 is a vulnerability in Apache Fineract
Published on December 14, 2017