CVE-2024-32838

Published Feb 12, 2025

Last updated 15 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-32838 refers to a SQL injection vulnerability present in Apache Fineract versions 1.9 and earlier. This vulnerability allows authenticated attackers to inject malicious data into the query parameters of several REST API endpoints, including those related to offices and dashboards. Exploiting this vulnerability could enable attackers to execute arbitrary SQL commands on the underlying database. To address this vulnerability, users are strongly advised to upgrade to Apache Fineract version 1.10.1 or later. This version incorporates a SQL validator designed to protect against SQL injection attacks by implementing various tests and checks on SQL queries.

Description
SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameters. Users are recommended to upgrade to version 1.10.1, which fixes this issue. A SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect against nearly all potential SQL injection attacks.
Source
security@apache.org
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security@apache.org
CWE-89

Social media

Hype score
Not currently trending
  1. 🚨 Critical SQL Injection Vulnerability Alert! 🚨 CVE-2024-32838 affects Apache Fineract, potentially leading to data breaches and system compromise. If you're using Fineract, this is a must-read! This flaw allows authenticated attackers to inject malicious SQL commands through…

    @TheSecMaster1

    24 Feb 2025

    1004 Impressions

    4 Retweets

    13 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  2. A vulnerability with the identifier CVE-2024-32838 has recently been published for the Apache Fineract product. This vulnerability, which is of the sqlinjection type, allows hackers to inject malicious data into the database and alter its integrity. Versions 1.4 through 1.9 of this product have this vulnerability.

    @cybernetic_cy

    16 Feb 2025

    36 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A vulnerability with the identifier CVE-2024-32838 has been published for the Apache Fineract product. The vulnerability, which is of the sqlinjection type, allows hackers to inject malicious data into the database and alter its integrity. Versions 1.4 through 1.9 of this product have this vulnerability. https://t.co/Poz3aKY03t ht

    @AmirHossein_sec

    15 Feb 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical SQL injection vulnerability has been identified in Apache Fineract (CVE-2024-32838) that affects versions 1.4 through 1.9. An attacker can exploit this flaw to inject malicious SQL code into the query parameters at the endpoints of an API. 🧉

    @MarquisioX

    14 Feb 2025

    26 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-32838 impacts Apache Fineract with SQL injection #ApacheFineract #CVE-2024-32838 https://t.co/gf6ahsp60X

    @pravin_karthik

    14 Feb 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-32838 (CVSS 9.4): Critical SQL Injection Flaw Threatens Apache Fineract Users https://t.co/VbN2Ohaid9

    @Dinosn

    14 Feb 2025

    2638 Impressions

    4 Retweets

    16 Likes

    3 Bookmarks

    0 Replies

    1 Quote