{"id":"CVE-2018-1291","details":"Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the \"order\" param in such a way to read/update the data for which he doesn't have authorization.","modified":"2026-07-08T05:51:13.171238951Z","published":"2018-04-20T18:29:00.660Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:apache:fineract:0.4.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:fineract:0.5.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:fineract:0.6.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0.4.0"},{"last_affected":"0.4.0"},{"introduced":"0.5.0"},{"last_affected":"0.5.0"},{"introduced":"0.6.0"},{"last_affected":"0.6.0"}],"source":"CPE_STRING","vendor_product":"apache:fineract"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/1f7fadc93500b3fe14603b132b13c18fff3d0a35e50ebd0246f325c0%40%3Cdev.fineract.apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104008"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/fineract","events":[{"introduced":"20db9d4373e3af579aa620c07cc23f87ef6853fe"},{"last_affected":"20db9d4373e3af579aa620c07cc23f87ef6853fe"}],"database_specific":{"cpe":"cpe:2.3:a:apache:fineract:1.0.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.0.0"},{"last_affected":"1.0.0"}],"source":"CPE_STRING"}}],"versions":["1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1291.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}