[
https://issues.apache.org/jira/browse/FINERACT-2024?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ed Cable deleted FINERACT-2024:
-------------------------------
> Error-based SQL Injection vulnerabilities in 3 endpoints
> --------------------------------------------------------
>
> Key: FINERACT-2024
> URL: https://issues.apache.org/jira/browse/FINERACT-2024
> Project: Apache Fineract
> Issue Type: Bug
> Reporter: Mihaly Dallos
> Assignee: Mihaly Dallos
> Priority: Blocker
>
> *SQL Injection at /fineract-provider/api/v1/loans*
> The sqlSearch parameter appears to be vulnerable to SQL injection attacks.
> The payload ' was submitted in the sqlSearch parameter, and a database error
> message was returned.
> *SQL Injection at /fineract-provider/api/v1/datatables/cdvfbn*
> The URL path filename appears to be vulnerable to SQL injection attack. A
> single quote was submitted in the URL path filename, and a database error
> message was returned. Two single quotes were then submitted and the error
> message disappeared.
> *SQL Injection at /fineract-provider/api/v1/datatables/dfgh*
> The URL path filename appears to be vulnerable to SQL injection attacks. (276
> kB)
> https://festive-quiet-137.notion.site/SQL-Injection-at-fineract-provider-api-v1-datatables-dfgh-6c6649a66b2446999e74a060db0a4c32
> *SQL Injection at /fineract-provider/api/v1/clients*
> The sqlSearch parameter appears to be vulnerable to SQL injection attacks.
> The payload ' was submitted in the sqlSearch parameter, and a database error
> message was returned.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
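
The behaviour reported above (one single quote returns a database error, two make it disappear) is what string-concatenated SQL produces. The following is an added example, not Apache Fineract code: it reproduces the behaviour with Python's sqlite3 on a constructed schema and shows a hardened lookup beside it. All table and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed schema: a registry of known datatables plus one datatable.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registered_tables (name TEXT PRIMARY KEY)")
    db.execute("INSERT INTO registered_tables VALUES ('dt_loan_extra')")
    db.execute("CREATE TABLE dt_loan_extra (id INTEGER, note TEXT)")
    db.execute("INSERT INTO dt_loan_extra VALUES (1, 'ok')")
    return db

def lookup_vulnerable(db, path_segment):
    # The URL path segment is pasted into a string literal. A lone ' leaves the
    # literal unterminated (syntax error); '' is an escaped quote, so it parses.
    sql = "SELECT name FROM registered_tables WHERE name = '" + path_segment + "'"
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Echoing this text to the client is what makes the flaw error-based.
        return ("db_error", str(exc))

# Conservative identifier shape; anything else never reaches the database.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

def lookup_hardened(db, path_segment):
    if not IDENT.fullmatch(path_segment):
        return ("rejected", [])
    # Values are bound as parameters, never concatenated.
    row = db.execute(
        "SELECT name FROM registered_tables WHERE name = ?", (path_segment,)
    ).fetchone()
    if row is None:
        return ("not_found", [])
    # Identifiers cannot be bound, so use the name as stored in the registry,
    # which has already passed the identifier check above.
    return ("rows", db.execute(f'SELECT id, note FROM "{row[0]}"').fetchall())

if __name__ == "__main__":
    db = make_db()
    for probe in ("dfgh'", "dfgh''", "dt_loan_extra"):
        print(repr(probe), lookup_vulnerable(db, probe)[0], lookup_hardened(db, probe)[0])
```

On the server side, a generic error response with the database message kept in the logs removes the signal the report relied on, but only the bound parameter and the allow-list remove the injection itself.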