CNNVD-202512-1587 Information

CNNVD ID

CNNVD-202512-1587

Related CVE

CVE-2025-10655

• CNNVD Published: 2025-12-09

Description (Chinese)

Frappe Helpdesk是Frappe开源的一个客户服务软件。 Frappe Helpdesk 1.14.0版本存在SQL注入漏洞，该漏洞源于dashboard get_dashboard_data中用户控制参数不安全连接到动态SQL语句，可能导致SQL注入攻击。

Description (English)

Frappe Helpdesk is an open-source client service software for Frappe. Version 1.14.0 of Frappe Helpdesk has an injection loophole in SQL, which stems from the unsafe connection of user control parameters to dynamic SQL statements in dashboard get dashboard data, which may lead to an SQL injection attack.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Frappe

Published

2025-12-09

Last Modified

2026-02-24

References

https://fluidattacks.com/advisories/dyango https://github.com/frappe/helpdesk https://github.com/frappe/helpdesk/pull/2795

Patch

https://github.com/frappe/helpdesk/releases