CVE-2018-1289 is a vulnerability in Apache Fineract
Published on April 20, 2018

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization.

NVD

Products Associated with CVE-2018-1289

Want to know whenever a new CVE is published for Apache Fineract? stack.watch will email you.

Apache Fineract

Affected Versions

Apache Software Foundation Apache Fineract:

Version 1.0.0 is affected.
Version 0.6.0-incubating is affected.
Version 0.5.0-incubating is affected.
Version 0.4.0-incubating is affected.

Exploit Probability

EPSS

0.53%

Percentile

66.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1289 is a vulnerability in Apache FineractPublished on April 20, 2018

Products Associated with CVE-2018-1289

Affected Versions

Exploit Probability

CVE-2018-1289 is a vulnerability in Apache Fineract
Published on April 20, 2018