CVE-2018-1290

Name of the Vulnerable Software and Affected Versions Apache Fineract versions 0.4.0-incubating through 1.0.0

Description The issue allows for SQL injection by using a single quotation escape with two continuous SQL parameters. This can be exploited in methods such as retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.

Recommendations For Apache Fineract versions 0.4.0-incubating through 1.0.0, consider restricting the use of the retrieveAuditEntries and retrieveCommands methods until a patch is available. As a temporary workaround, avoid using continuous SQL parameters in these methods to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.