CVE-2023-25197

MEDIUM

Apache Fineract < 1.8.2 - SQL Injection

Title source: rule

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2.

References (1)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/v0q9x86sx6f6l2nzr1z0nwm3y9qlng04

Scores

CVSS v3 6.3

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89

Status published

Affected Products (1)

apache/fineract < 1.8.2

Timeline

Published Mar 28, 2023

Tracked Since Feb 18, 2026