
CVE-2024-23538: Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attacke...

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5.

Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

Classification

CVE ID: CVE-2024-23538

Affected Products

Vendor: Apache Software Foundation

Product: Apache Fineract

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.98% (probability of being exploited)

EPSS Percentile: 83.7% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
http://www.openwall.com/lists/oss-security/2024/03/29/2
