圆珠笔

**Name of the Vulnerable Software and Affected Versions** Apache Fineract versions 0.4.0-incubating through 1.0.0 **Description** The issue allows a hacker to inject SQL, enabling them to read or update data without proper authorization. This is achieved by exploiting the `reportName` parameter within the `getReportType` method. **Recommendations** For Apache Fineract versions 0.4.0-incubating through 1.0.0, as a temporary workaround, consider restricting access to the `getReportType` method until a patch is available. Avoid using the `reportName` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.