CVE-2018-1290 Information
Feb 14, 2021
cve
Description
In Apache Fineract versions 1.0.0 0.6.0-incubating 0.5.0-incubating 0.4.0-incubating Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/103975 https://lists.apache.org/thread.html/69cc2b54b32f0936f40dc9be41f41fe1566710a75edbe2eb0a948ae4@3Cdev.fineract.apache.org3E
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: