CNNVD-202510-062 Information
Oct 01, 2025
CNNVD ID
CNNVD-202510-062
Related CVE
-
CNNVD Published: 2025-10-01
Description
ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ERPNext version 15.57.5 contains a security vulnerability caused by SQL injection in the inventory_dimensions_dict parameter, which may lead to disclosure of database information.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
ERPNext
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md
https://github.com/frappe/erpnext/pull/49192/commits/eb22794f14351c2ff5731548c48bef0b91765c86
Patch
https://github.com/frappe/erpnext/releases