Description
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL by way of the 'reportName' parameter to read/update data for which he doesn't have authorization.
References
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:apache:fineract:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:fineract:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:fineract:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:fineract:1.0.0:*:*:*:*:*:*:*
EPSS: 0.00569 (Low)
Percentile: 68%
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 8.1
github
more than 3 years ago
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL by way of the 'reportName' parameter to read/update data for which he doesn't have authorization.