10 matches found
EUVD-2025-29577
Malicious code in bioql PyPI...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function getstockbalancefor at erpnext/stock/doctype/stockreconciliation/stockreconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventorydimensionsdict parameter...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function getstockbalancefor at erpnext/stock/doctype/stockreconciliation/stockreconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventorydimensionsdict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...
PT-2025-37984
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5 Description: Frappe ERPNext version 15.57.5 contains a SQL injection issue in the get stock balance function located at erpnext/stock/utils.py. An attacker can inject a SQL query into the inventory dimensions di...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the get_stock_balance() function in erpnext/stock/utils.py is vulnerable to SQL Injection via the inventory_dimensions_dict parameter, potentially allowing an attacker to extract data from databases. Connected documents confirm the affected software, vulnerable compone...