CNNVD-202508-2410 Information
CNNVD ID
CNNVD-202508-2410
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe 15.74.2版本和14.96.15之前版本存在安全漏洞,该漏洞源于特制请求可能导致SQL注入,访问敏感数据。
Description (English)
Frappe Technologys Frappe is a Web development framework based on Python, Mariadb and integrated front-end pages of Frappe Technologys India. There is a security loophole in the Frappe Technologies 15.74.2 and before 14.96.15, which can result from ad hoc requests that may result in SQL injections and access to sensitive data.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
Frappe Technologies
Published
2025-08-20
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/security/advisories/GHSA-6rpr-2hjx-w9vp https://github.com/frappe/frappe/commit/abe2cc25e333cd794405d12caec4da0279a54e6e https://github.com/frappe/frappe/commit/24dd2d9420a7c68ce09875cb18586d1bf071c857 https://nvd.nist.gov/vuln/detail/CVE-2025-55732
Patch
https://github.com/frappe/frappe/releases
Share on: