8 matches found
EUVD-2025-32020
Malicious code in bioql PyPI...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...
PT-2025-40244
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5. Description: The function get_blanket_orders at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can potentially extract information from databases by injecting a SQL query into the...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders() in erpnext/controllers/queries.py is vulnerable to SQL Injection via the blanket_order_type parameter due to unvalidated inputs, enabling an attacker to extract information from databases. The public documents do not provide exploitatio...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...