{"vulnerability": "CVE-2024-32838", "sightings": [{"uuid": "5fc45ac7-bc13-4dff-9308-eff153b084ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxoof752i", "content": "", "creation_timestamp": "2025-02-12T10:16:16.467470Z"}, {"uuid": "c7234ce5-d7f9-43dd-9006-b4642522cefe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lhyjsr5se72b", "content": "", "creation_timestamp": "2025-02-12T15:53:32.090418Z"}, {"uuid": "2d53ea68-5f7d-4de4-aefe-5feeabfd6113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3li46isrkh22q", "content": "", "creation_timestamp": "2025-02-14T02:41:48.080951Z"}, {"uuid": "954dd145-4687-4529-b366-73153c03a4ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4091", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-32838\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter.\u00a0\nUsers are recommended to upgrade to version 1.10.1, which fixes this issue.\n\nA SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect against nearly all potential SQL injection attacks.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-32838\n2. https://lists.apache.org/thread/7l88h17pn9nf8zpx5bbojk7ko5oxo1dy", "creation_timestamp": "2025-02-12T13:11:18.000000Z"}, {"uuid": "89d75305-209b-4d47-88c7-d89bf33d9644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3li6lhgqrwk27", "content": "", "creation_timestamp": "2025-02-15T01:38:58.976042Z"}, {"uuid": "1b976b0e-12e1-4802-864b-25ff02a32f90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4065", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-32838\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:13.043\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/7l88h17pn9nf8zpx5bbojk7ko5oxo1dy", "creation_timestamp": "2025-02-12T11:10:36.000000Z"}, {"uuid": "947208ee-71ad-4dc5-a47f-e090db9a0715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://t.me/cvedetector/17837", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-32838 - Apache Fineract SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-32838 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter.\u00a0  \nUsers are recommended to upgrade to version 1.10.1, which fixes this issue.  \n  \nA SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect against nearly all potential SQL injection attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:38.000000Z"}, {"uuid": "86c3a820-20a7-43a1-a8c0-60c5989ade84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-32838", "type": "seen", "source": "https://t.me/CyberBulletin/2328", "content": "\u26a1CVE-2024-32838 (CVSS 9.4): Critical SQL Injection Flaw Threatens Apache Fineract Users.\n\n#CyberBulletin", "creation_timestamp": "2025-02-14T15:21:05.000000Z"}]}