Mihaly Dallos created FINERACT-2024:
---------------------------------------

             Summary: Error-based SQL Injection vulnerabilities in 3 endpoints
                 Key: FINERACT-2024
                 URL: https://issues.apache.org/jira/browse/FINERACT-2024
             Project: Apache Fineract
          Issue Type: Bug
            Reporter: Mihaly Dallos
            Assignee: Peter Bagrij
             Fix For: 1.9.0


*SQL Injection at /fineract-provider/api/v1/loans*
The sqlSearch parameter appears to be vulnerable to SQL injection attacks. The 
payload ' was submitted in the sqlSearch parameter, and a database error 
message was returned.

*SQL Injection at /fineract-provider/api/v1/datatables/cdvfbn*
The URL path filename appears to be vulnerable to SQL injection attacks. A 
single quote was submitted in the URL path filename, and a database error 
message was returned. Two single quotes were then submitted and the error 
message disappeared. 

*SQL Injection at /fineract-provider/api/v1/datatables/dfgh*
The URL path filename appears to be vulnerable to SQL injection attacks.
https://festive-quiet-137.notion.site/SQL-Injection-at-fineract-provider-api-v1-datatables-dfgh-6c6649a66b2446999e74a060db0a4c32

*SQL Injection at /fineract-provider/api/v1/clients*
The sqlSearch parameter appears to be vulnerable to SQL injection attacks. The 
payload ' was submitted in the sqlSearch parameter, and a database error 
message was returned. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
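
Added example, not part of the original report and not Fineract's code: a Python/SQLite sketch of why one single quote yields a database error and two do not when input is concatenated into a string literal, next to a bound-parameter lookup and an identifier allow-list for the datatable name. The schema, table names and function names are constructed for illustration.

```python
import re
import sqlite3

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

def make_db():
    # Constructed stand-in schema; these are not Fineract's real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registered_table (name TEXT PRIMARY KEY)")
    db.execute("INSERT INTO registered_table VALUES ('dt_client_extra')")
    db.execute("CREATE TABLE dt_client_extra (client_id INTEGER, note TEXT)")
    return db

def lookup_concat(db, name):
    # 'Before' pattern: the path segment is spliced into a string literal.
    sql = "SELECT name FROM registered_table WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # The value travels as a bound parameter, never as SQL text.
    return db.execute(
        "SELECT name FROM registered_table WHERE name = ?", (name,)
    ).fetchall()

def read_datatable(db, name):
    # Identifiers cannot be bound: check the shape, then require that the
    # name is registered, before it is placed in the statement.
    if not IDENT.fullmatch(name) or not lookup_bound(db, name):
        raise ValueError("unknown datatable")
    return db.execute(f'SELECT * FROM "{name}"').fetchall()

def probe(fn, db, value):
    """Return 'error' if the database rejects the statement, else 'ok'."""
    try:
        fn(db, value)
        return "ok"
    except sqlite3.Error:
        return "error"
```

As a regression check, `probe` should return `ok` for every input once a lookup uses bound parameters, and the error/no-error flip between one and two quotes should only ever appear in the concatenating variant.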
