Apache Fineract

20 CVEs affecting Apache Fineract. Latest disclosed: 2025-12-12. Critical: 5, High: 12.

Top CVEs affecting Apache Fineract
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-23538 | Critical | 9.9 | 2024-03-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8… |
| CVE-2018-11801 | Critical | 9.8 | 2019-06-11 | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table. |
| CVE-2018-11800 | Critical | 9.8 | 2019-06-11 | SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related ta… |
| CVE-2018-1290 | Critical | 9.8 | 2018-04-20 | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can… |
| CVE-2025-58130 | Critical | 9.1 | 2025-12-12 | Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12… |
| CVE-2024-32838 | High | 8.8 | 2025-02-12 | SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an au… |
| CVE-2022-44635 | High | 8.8 | 2022-11-29 | Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Finer… |
| CVE-2018-1289 | High | 8.8 | 2018-04-20 | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific… |
| CVE-2017-5663 | High | 8.8 | 2017-12-14 | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able… |
| CVE-2024-23537 | High | 8.4 | 2024-03-29 | Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0… |
| CVE-2024-23539 | High | 8.3 | 2024-03-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8… |
| CVE-2025-58137 | High | 8.1 | 2025-12-12 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in v… |
| CVE-2023-25195 | High | 8.1 | 2023-03-28 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to se… |
| CVE-2018-1292 | High | 8.1 | 2018-04-20 | Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data… |
| CVE-2018-1291 | High | 8.1 | 2018-04-20 | Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Pa… |
| CVE-2018-20243 | High | 7.5 | 2020-10-13 | The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues… |
| CVE-2020-17514 | High | 7.4 | 2021-05-27 | Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the m… |
| CVE-2025-23408 | Medium | 6.5 | 2025-12-12 | Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users… |
| CVE-2023-25197 | Medium | 6.3 | 2023-03-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized us… |
| CVE-2023-25196 | Medium | 4.3 | 2023-03-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized us… |