CVE-2023-25196

MEDIUM

Apache Fineract < 1.8.2 - SQL Injection

Title source: rule

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2.

References (1)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/m9x3vpn3bry4fympkzxnnz4qx0oc0w8m

Scores

CVSS v3 4.3

EPSS 0.0048

EPSS Percentile 64.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-89

Status published

Affected Products (1)

apache/fineract < 1.8.2

Timeline

Published Mar 28, 2023

Tracked Since Feb 18, 2026