CVE-2018-1292 is a vulnerability in Apache Fineract
Published on April 20, 2018

Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.

NVD

Products Associated with CVE-2018-1292

Want to know whenever a new CVE is published for Apache Fineract? stack.watch will email you.

Apache Fineract

Affected Versions

Apache Software Foundation Apache Fineract:

Version 1.0.0 is affected.
Version 0.6.0-incubating is affected.
Version 0.5.0-incubating is affected.
Version 0.4.0-incubating is affected.

Exploit Probability

EPSS

0.57%

Percentile

68.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1292 is a vulnerability in Apache FineractPublished on April 20, 2018

Products Associated with CVE-2018-1292

Affected Versions

Exploit Probability

CVE-2018-1292 is a vulnerability in Apache Fineract
Published on April 20, 2018