Frank Nkuyahaga created FINERACT-2051:
-----------------------------------------
Summary: SQL Injection Vulnerability
Key: FINERACT-2051
URL: https://issues.apache.org/jira/browse/FINERACT-2051
Project: Apache Fineract
Issue Type: Bug
Affects Versions: 1.9.0, 1.8.4
Reporter: Frank Nkuyahaga
Assignee: Frank Nkuyahaga
Fix For: 1.9.0, 1.8.4
Attachments: SQL-Injection-Vulnerability-Disclosure.pdf
A blind SQL injection in Apache Fineract was found in the
`/recurringdepositaccounts` & `/fixeddepositaccounts` APIs against
the _orderBy_ and _sortOrder_ parameters on versions <=1.8.4. Please find the
report attached as PDF for detailed PoCs and code-level remediation.
[^SQL-Injection-Vulnerability-Disclosure.pdf]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
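
Column names and sort directions in an ORDER BY clause cannot be passed as JDBC bind parameters, so request parameters such as `orderBy` and `sortOrder` are usually constrained with an allowlist. The sketch below is an added illustration of that approach, not Fineract's code and not the remediation from the attached PDF; the class name, sort keys and column names are hypothetical.

```java
import java.util.Map;

// Added example, not Apache Fineract code. Sort keys and column names are hypothetical.
public final class SortClauseBuilder {

    // API-facing sort key -> fixed SQL column expression.
    private static final Map<String, String> SORTABLE = Map.of(
            "id", "da.id",
            "accountNo", "da.account_no",
            "submittedOnDate", "da.submittedon_date");

    private SortClauseBuilder() {}

    /**
     * Returns an ORDER BY fragment assembled only from constants, or "" when
     * no sort was requested. Request text is used for lookup and comparison
     * only; it is never concatenated into the SQL string.
     */
    public static String orderByClause(String orderBy, String sortOrder) {
        if (orderBy == null || orderBy.isBlank()) {
            return "";
        }
        String column = SORTABLE.get(orderBy.trim());
        if (column == null) {
            // Do not echo the rejected value back to the caller.
            throw new IllegalArgumentException("unsupported orderBy value");
        }
        String requested = sortOrder == null ? "" : sortOrder.trim();
        String direction;
        if (requested.isEmpty() || requested.equalsIgnoreCase("ASC")) {
            direction = "ASC";
        } else if (requested.equalsIgnoreCase("DESC")) {
            direction = "DESC";
        } else {
            throw new IllegalArgumentException("unsupported sortOrder value");
        }
        return " ORDER BY " + column + " " + direction;
    }

    public static void main(String[] args) {
        System.out.println(orderByClause("accountNo", "desc"));
        try {
            // Constructed input that is not an allowlisted sort key.
            orderByClause("id,1", "asc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Filter values elsewhere in the same query should still go through `PreparedStatement` placeholders; the allowlist covers only the parts of the statement that cannot be bound.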