CVE-2018-1291 is a vulnerability in Apache Fineract
Published on April 20, 2018

Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way to read/update the data for which he doesn't have authorization.

NVD

Products Associated with CVE-2018-1291

Want to know whenever a new CVE is published for Apache Fineract? stack.watch will email you.

Apache Fineract

Affected Versions

Apache Software Foundation Apache Fineract:

Version 1.0.0 is affected.
Version 0.6.0-incubating is affected.
Version 0.5.0-incubating is affected.
Version 0.4.0-incubating is affected.

Exploit Probability

EPSS

0.25%

Percentile

48.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1291 is a vulnerability in Apache FineractPublished on April 20, 2018

Products Associated with CVE-2018-1291

Affected Versions

Exploit Probability

CVE-2018-1291 is a vulnerability in Apache Fineract
Published on April 20, 2018