CVE-2018-11800

Опубликовано: 11 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

Ссылки

http://www.openwall.com/lists/oss-security/2019/05/09/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108291
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/32aa471180f8978b5f0ed64fcd862769f73c40bbe6cb948abdc899bf%40%3Cdev.fineract.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/05/09/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108291
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/32aa471180f8978b5f0ed64fcd862769f73c40bbe6cb948abdc899bf%40%3Cdev.fineract.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*

Версия до 1.3.0 (исключая)

EPSS

Процентиль: 87%

0.03316

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2c85-r6w7-qf97

github

больше 3 лет назад