Apache Fineract is susceptible to a critical SQL Injection vulnerability, identified as CVE-2024-23538. This vulnerability arises due to improper neutralization of special elements used in SQL commands, potentially allowing attackers to manipulate database queries. Under certain system configurations, the “sqlSearch” parameter is vulnerable, enabling attackers to exploit the vulnerability and execute arbitrary SQL commands.
The severity of this issue is rated as critical, with a CVSS Base Score of 9.9. Attackers leveraging this vulnerability could achieve significant impact, including unauthorized access to sensitive data and potential compromise of the affected system’s integrity. Apache Software Foundation recommends immediate action to mitigate this risk by upgrading to Apache Fineract versions 1.8.5 or 1.9.0, which address the vulnerability and strengthen system security.
Reference:
