CNNVD-202509-4474 Information

CNNVD ID

CNNVD-202509-4474

CVE-2025-52049

  • CNNVD Published: 2025-09-30

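Description (translated from Chinese)

ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ErpNext version v15.57.5 has a security vulnerability that stems from the timelog parameter not being validated, which may lead to SQL injection attacks.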

Description (English)

ERPNext is an open-source enterprise resource planning solution from ERPNext in India. ErpNext v15.57.5 contains a security vulnerability, which originates from an unvalidated timelog parameter and could lead to SQL injection.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

ERPNext

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md

https://github.com/frappe/erpnext/pull/49192/commits/e563ed0c75fd20135a6ad288e957e75eac7d3b8d

Patch

https://github.com/frappe/erpnext/releases
