CNNVD-202510-064 Information
Oct 01, 2025
CNNVD ID
CNNVD-202510-064
Related CVE
- CNNVD Published: 2025-10-01
Description
ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ERPNext version 15.57.5 contains a security vulnerability that stems from the txt parameter not being validated, which may lead to SQL injection attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
ERPNext
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.md
https://github.com/frappe/erpnext/pull/49192/commits/de919568b4f7a86c8d418c0c3fd88e1f3101696c
Patch
https://github.com/frappe/erpnext/releases