CNNVD-202509-4476 Information

CNNVD ID

CNNVD-202509-4476

CVE-2025-52043

  • CNNVD Published: 2025-09-30

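Description (translated from Chinese)

ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ERPNext v15.57.5 contains a security vulnerability that stems from the import_coa function not validating the company parameter input, which may lead to SQL injection attacks.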

Description (English)

ERPNext is an open-source enterprise resource planning solution from ERPNext in India. ERPNext v15.57.5 contains a security vulnerability, which originates from the failure of the import_coa function to validate the company parameter input, and which may result in an SQL injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

ERPNext

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md

https://github.com/frappe/erpnext/pull/49192/commits/7fa4ed6139dfb737995fe297e40f4f5440c748c3

Patch

https://github.com/frappe/erpnext/releases
