CNNVD-202510-340 Information
Oct 02, 2025
cve
CNNVD ID
CNNVD-202510-340
Related CVE
- CNNVD Published: 2025-10-02
Description (Chinese)
Frappe Technologies Frappe Framework是印度Frappe Technologies公司的一款基于Python和JavaScript的元数据驱动的全栈Web应用程序框架。 Frappe Technologies Frappe Framework 15.72.4版本存在安全漏洞,该漏洞源于frappe.client.get_value API端点中fieldname参数存在SQL注入,可能导致SQL注入攻击。
Description (English)
The Frappe Technologies Framework is a fully-fledged Web application framework based on metadata driven by Python and JavaScript in the Indian company Frappe Technologies. There is a security loophole in version 15.72.4 of Frappe Technologies Frappe.cent.get value API endpoint where the fildname parameter is injected into a possible SQL injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Frappe Technologies
Published
2025-10-02
Last Modified
2026-02-24
References
https://github.com/MoAlali https://github.com/MoAlali/CVE-2025-56380
Share on: