CNNVD-202510-063 Information
CNNVD ID
CNNVD-202510-063
Related CVE
- CNNVD Published: 2025-10-01
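Description (translated from Chinese)
Frappe Technologies Frappe is a web development framework from the Indian company Frappe Technologies, based on Python and MariaDB with an integrated front end. Frappe Technologies Frappe version 15.57.5 contains a security vulnerability that stems from the blanket_order_type parameter not validating its input, which may lead to SQL injection attacks.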
Description (English)
Frappe Technologies Frappe is a web development framework based on Python and MariaDB with an integrated front end, developed by the Indian company Frappe Technologies. Frappe Technologies Frappe version 15.57.5 contains a security vulnerability that originates from unvalidated input in the blanket_order_type parameter, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Frappe Technologies
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md
https://github.com/frappe/erpnext/pull/49192/commits/1db135262d9474411ef54e3367d24bb169d2503e
Patch
https://github.com/frappe/erpnext/releases