CNNVD-202510-061 Information

CNNVD ID

CNNVD-202510-061

Related CVE

CVE-2025-52042

• CNNVD Published: 2025-10-01

Description (Chinese)

ERPNext是印度ERPNext公司的一套开源的企业资源计划解决方案。 ERPNext 15.57.5版本存在安全漏洞，该漏洞源于get_rfq_containing_supplier函数对txt参数处理不当，可能导致SQL注入攻击。

Description (English)

ERPNext is an open-source enterprise resource plan solution for ERPNext in India. ERPNext 1557.5 has a security loophole, which stems from the inappropriate handling of txt parameters in the Get refq containing supplier function, which may result in an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ERPNext

Published

2025-10-01

Last Modified

2026-02-24

References

https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md https://github.com/frappe/erpnext/pull/49192/commits/7f2a52ff71a1fd5d4a9034cf217094c0be9f341a

Patch

https://github.com/frappe/erpnext/releases