CNNVD-202508-2415 Information
CNNVD ID
CNNVD-202508-2415
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe存在安全漏洞,该漏洞源于特制请求可能导致SQL注入,访问敏感数据。
Description (English)
Frappe Technologys Frappe is a Web development framework based on Python, Mariadb and integrated front-end pages of Frappe Technologys India. There is a security loophole in Frappe Technologies Frappe, which stems from a specific request that could lead to an injection of SQL to access sensitive data.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
Frappe Technologies
Published
2025-08-20
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/security/advisories/GHSA-5p8f-568f-vfq2 https://github.com/frappe/frappe/commit/c2b01e3eb6f50e9bd05df0440f5cbf5dfbc1badd https://github.com/frappe/frappe/commit/93ee30c638bf7a7e33e2937a0adccac14c38b410 https://nvd.nist.gov/vuln/detail/CVE-2025-55731
Patch
https://github.com/frappe/frappe/releases
Share on: