Product
apache fineract
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-58137
CVE-2025-58130
CVE-2025-23408
CVE-2024-32838
CVE-2024-23539
CVE-2024-23538
CVE-2024-23537
CVE-2023-25197
CVE-2023-25196
CVE-2023-25195
CVE-2022-44635
CVE-2020-17514
CVE-2018-20243
CVE-2018-11801
CVE-2018-11800
CVE-2018-1292
CVE-2018-1291
CVE-2018-1290
CVE-2018-1289
CVE-2017-5663
< 1.12.1
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.
< 1.12.1
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The i
< 1.11.0
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fi
>= 1.4.0 and < 1.10.1
SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vu
< 1.9.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue a
< 1.9.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue a
< 1.9.0
Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended
>= 1.4.0 and <= 1.8.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation a
>= 1.4.0 and <= 1.8.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation A
>= 1.4.0 and <= 1.8.3
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited perm
< 1.8.1
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upl
< 1.5.0
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typica
>= 1.0.0 and <= 1.3.0
The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is avail
< 1.3.0
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_
< 1.3.0
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the
all versions
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could i
all versions
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain spec
all versions
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, using a single quotation escape with two
all versions
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end poi
all versions
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/g