ERPNext 12.14.0 - SQL Injection (Authenticated)

Exploit Title: ERPNext 12.14.0 - SQL Injection Authenticated Date: 21-01-21 Exploit Author: Hodorsec Vendor Homepage: http://erpnext.org Software Link: https://erpnext.org/download Version: 12.14.0 Tested on: Ubuntu 18.04 !/usr/bin/python3 AUTHENTICATED SQL INJECTION VULNERABILITY In short: Found...