Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Published: Nov 29, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-44635
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
apache / fineract	-	1.8.1

http://www.openwall.com/lists/oss-security/2022/11/29/3
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo