CVE-2023-25197

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25197

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25197.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-25197

Published

2023-03-28T12:15:07.430Z

Modified

2025-11-15T06:18:05.812281Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components.

This issue affects apache fineract: from 1.4 through 1.8.2.

References

https://lists.apache.org/thread/v0q9x86sx6f6l2nzr1z0nwm3y9qlng04

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type: GIT
Repo: https://github.com/apache/fineract
Events: Introduced

ee99f30e532c828338210bb412b7f876a534f02a

Last affected

2a6f4799e0e380edd90a888a872abbc70e49357a

Affected versions

1.*

1.4.0

1.5.0

1.7.0

1.8.0

1.8.1

1.8.2