CNNVD-202509-2500 Information
CNNVD ID
CNNVD-202509-2500
Related CVE
- CNNVD Published: 2025-09-16
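Description (translated from Chinese)
ERPNext is an open-source enterprise resource planning solution from ERPNext, an Indian company. ERPNext v15.57.5 contains a security vulnerability that stems from insufficient validation of the inventory_dimensions_dict parameter and may lead to SQL injection attacks.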
Description (English)
ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ERPNext v15.57.5 has a security vulnerability that results from a failure to adequately validate the inventory_dimensions_dict parameter, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
亿赛通
Published
2025-09-16
Last Modified
2026-02-24
References
https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md
https://github.com/frappe/erpnext/pull/49192/commits/eb22794f14351c2ff5731548c48bef0b91765c86
https://access.redhat.com/security/cve/cve-2025-52044
Patch
https://github.com/frappe/erpnext/releases