CNNVD-202509-1006 Information

CNNVD ID

CNNVD-202509-1006

CVE-2025-58439

  • CNNVD Published: 2025-09-06

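Description (translated from Chinese)

ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ERPNext versions before 14.89.2 and versions 15.0.0 through 15.75.1 contain a SQL injection vulnerability. The vulnerability stems from insufficient parameter validation and may lead to SQL injection attacks.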

Description (English)

ERPNext is an open-source enterprise resource planning solution from ERPNext in India. ERPNext versions before 14.89.2 and versions 15.0.0 to 15.75.1 have a SQL injection vulnerability, which stems from inadequate validation of parameters and could lead to SQL injection attacks.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

ERPNext

Published

2025-09-06

Last Modified

2026-02-24

References

  • https://github.com/frappe/erpnext/pull/49219
  • https://github.com/frappe/erpnext/pull/49220
  • https://github.com/frappe/erpnext/security/advisories/GHSA-fvjw-5w9q-6v39
  • https://access.redhat.com/security/cve/cve-2025-58439

Patch

https://itsourcecode.com/free-projects/php-project/st-columban-student-information-management-system/
