First published: Fri Mar 29 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Fineract | <1.9.0 | |
CVE-2024-23539 is classified as a critical SQL injection vulnerability in Apache Fineract affecting versions below 1.8.5.
To mitigate CVE-2024-23539, users should upgrade Apache Fineract to version 1.8.5 or 1.9.0.
CVE-2024-23539 affects Apache Fineract versions prior to 1.8.5.
SQL injection in CVE-2024-23539 refers to the improper neutralization of special elements in SQL commands, making it possible for attackers to execute arbitrary SQL queries.
Using Apache Fineract versions below 1.8.5 is strongly discouraged because of the severe security risks posed by CVE-2024-23539.