exploitDog

GHSA-899m-3xff-2xg9

Опубликовано: 02 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

Ссылки

EPSS

Процентиль: 14%

0.00046

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-56381

CVSS3: 6.5

nvd

4 месяца назад

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

EPSS

Процентиль: 14%

0.00046

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-89