Description
ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions 14.89.2 and 15.76.0.
References
- Issue Tracking
- Issue Tracking
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 14.89.2 (exclusive)
Version from 15.0.0 (inclusive) to 15.76.0 (exclusive)
One of
cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*
cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*
EPSS: 0.0003
Percentile: 8%
Low
CVSS3: 8.1 High
CVSS3: 9.1 Critical
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 8.1
github
5 months ago
ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions 14.89.2 and 15.76.0.