CVE-2023-25196

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25196

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25196.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-25196

Published

2023-03-28T12:15:07.360Z

Modified

2025-11-15T06:18:05.816757Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components.

This issue affects Apache Fineract: from 1.4 through 1.8.2.

References

https://lists.apache.org/thread/m9x3vpn3bry4fympkzxnnz4qx0oc0w8m

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type: GIT
Repo: https://github.com/apache/fineract
Events: Introduced

ee99f30e532c828338210bb412b7f876a534f02a

Last affected

2a6f4799e0e380edd90a888a872abbc70e49357a

Affected versions

1.*

1.4.0

1.5.0

1.7.0

1.8.0

1.8.1

1.8.2