exploitDog

GHSA-33p9-qh39-m99v

Опубликовано: 26 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 7.1

CVSS3: 8.8

Описание

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

Ссылки

EPSS

Процентиль: 12%

0.0004

Низкий

7.1 High

CVSS4

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-11461

CVSS3: 8.8

nvd

2 месяца назад

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

EPSS

Процентиль: 12%

0.0004

Низкий

7.1 High

CVSS4

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89