CNNVD-202511-2872 Information

CNNVD ID

CNNVD-202511-2872

CVE-2025-11461

  • CNNVD Published: 2025-11-26

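Description (translated from Chinese)

Frappe CRM is a full-featured customer relationship management system open-sourced by Frappe. Frappe CRM version 1.53.1 contains a SQL injection vulnerability, which stems from user-controlled parameters being unsafely concatenated into dynamic SQL statements and may lead to SQL injection attacks.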

Description (English)

Frappe CRM is a full-featured open-source customer relationship management (CRM) system from Frappe. Frappe CRM version 1.53.1 contains a SQL injection vulnerability caused by unsafe concatenation of user-controlled parameters into dynamic SQL statements, which may lead to SQL injection attacks.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

Frappe

Published

2025-11-26

Last Modified

2026-02-24

References

  • https://github.com/frappe/crm/pull/1339
  • https://fluidattacks.com/advisories/oz
  • https://access.redhat.com/security/cve/cve-2025-11461

Patch

https://github.com/frappe/crm/releases
