Apache Fineract: SQL injection vulnerabilities in offices API endpoint

SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter.  Users are recommended to upgrade to version 1.10.1, which fixes this issue. A SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect against nearly all potential SQL injection attacks.

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Apache Fineract 安全漏洞

Apache Fineract是美国阿帕奇（Apache）基金会的一套开源数字金融服务平台。该平台能够为用户提供数据管理、贷款和储蓄投资组合管理以及实时财务数据等功能。 Apache Fineract 1.4版本至1.9版本存在安全漏洞，该漏洞源于存在SQL注入漏洞，允许经过身份验证的攻击者将恶意数据注入某些REST API端点的查询参数。

N/A

N/A