Описание
In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:frappe:erpnext:15.57.5:*:*:*:*:*:*:*
EPSS
Процентиль: 14%
0.00046
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 6.5
github
4 месяца назад
In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter.
EPSS
Процентиль: 14%
0.00046
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89