CNNVD-202602-579 Information

CNNVD ID

CNNVD-202602-579

CVE-2026-25514

  • CNNVD Published: 2026-02-04

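Description (translated from Chinese)

FacturaScripts is an open-source ERP software developed by Carlos Garcia, an individual developer in Spain. Versions of FacturaScripts prior to 2025.81 contain a security vulnerability caused by user-supplied parameters in the autocomplete functionality being concatenated directly into SQL queries, which may lead to SQL injection attacks.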

Description (English)

FacturaScripts is an open source ERP software by the Spanish individual developer Carlos Garcia. Versions of FacturaScripts before 2025.81 contain a security vulnerability: parameters provided by the user in the autocomplete function are concatenated directly into SQL queries, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/NeoRazorX/facturascripts/commit/5c070f82665b98efd2f914a4769c6dc9415f5b0f
  • https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-pqqg-5f4f-8952

Patch

https://facturascripts.com/
