CNNVD-202602-581 Information

CNNVD ID

CNNVD-202602-581

CVE-2026-25513

  • CNNVD Published: 2026-02-04

Description (Chinese)

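FacturaScripts is an open-source ERP software by Carlos Garcia, an individual developer from Spain. Versions of FacturaScripts before 2025.81 contain a security vulnerability that stems from the sort parameter in the REST API being concatenated directly into the SQL ORDER BY clause, which may lead to SQL injection attacks.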

Description (English)

FacturaScripts is open-source ERP software developed by Carlos Garcia, an individual developer in Spain. FacturaScripts versions prior to 2025.81 contain a security vulnerability: the REST API's sort parameter is concatenated directly into the SQL ORDER BY clause, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/NeoRazorX/facturascripts/commit/1b6cdfa9ee1bb3365ea4a4ad753452035a027605
  • https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-cjfx-qhwm-hf99

Patch

https://facturascripts.com/
