CVE-2018-11800

Description

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

Affected products

• apache / Apache FineractApache Fineract versions before 1.3.0 are affected – Apache Fineract versions before 1.3.0 are affected

References

• MAILING_LISThttps://lists.apache.org/thread.html/32aa471180f8978b5f0ed64fcd862769f73c40bbe6cb948abdc899bf%40%3Cdev.fineract.apache.org%3E
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2019/05/09/1
• MISChttp://www.securityfocus.com/bid/108291