CNNVD-202506-3778 Information
CNNVD ID
CNNVD-202506-3778
Related CVE
- CNNVD Published: 2025-06-30
Description (Chinese)
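Frappe Technologies Frappe is a web development framework from Frappe Technologies of India, based on Python and MariaDB, with integrated front-end pages. Frappe Technologies Frappe versions before 14.94.3 and before 15.58.0 contain a SQL injection vulnerability, which arises because specially crafted requests may lead to a SQL injection attack.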
Description (English)
Frappe Technologies Frappe is a web development framework based on Python and MariaDB with integrated front-end pages, from Frappe Technologies of India. Frappe versions before 14.94.3 and before 15.58.0 have a SQL injection vulnerability, which arises from specially crafted requests that could lead to a SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
Frappe Technologies
Published
2025-06-30
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/commit/f0933590103c80c6393647dd0403d399e64c951c
https://github.com/frappe/frappe/pull/31526
https://github.com/frappe/frappe/security/advisories/GHSA-mhj8-jfhf-mcw9
https://github.com/frappe/frappe/commit/c795e351be033070174437324d74f44759a744a6
https://access.redhat.com/security/cve/cve-2025-52895
Patch
https://github.com/frappe/frappe/releases