[ https://issues.apache.org/jira/browse/FINERACT-2024?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ed Cable deleted FINERACT-2024:
-------------------------------

> Error-based SQL Injection vulnerabilities in 3 endpoints
> ---------------------------------------------------------
>
>                 Key: FINERACT-2024
>                 URL: https://issues.apache.org/jira/browse/FINERACT-2024
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Mihaly Dallos
>            Assignee: Mihaly Dallos
>            Priority: Blocker
>
> *SQL Injection at /fineract-provider/api/v1/loans*
> The sqlSearch parameter appears to be vulnerable to SQL injection attacks.
> The payload ' was submitted in the sqlSearch parameter, and a database error
> message was returned.
>
> *SQL Injection at /fineract-provider/api/v1/datatables/cdvfbn*
> The URL path filename appears to be vulnerable to SQL injection attack. A
> single quote was submitted in the URL path filename, and a database error
> message was returned. Two single quotes were then submitted and the error
> message disappeared.
>
> *SQL Injection at /fineract-provider/api/v1/datatables/dfgh*
> The URL path filename appears to be vulnerable to SQL injection attacks.
> (276 kB)
> https://festive-quiet-137.notion.site/SQL-Injection-at-fineract-provider-api-v1-datatables-dfgh-6c6649a66b2446999e74a060db0a4c32
>
> *SQL Injection at /fineract-provider/api/v1/clients*
> The sqlSearch parameter appears to be vulnerable to SQL injection attacks.
> The payload ' was submitted in the sqlSearch parameter, and a database error
> message was returned.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)