CVE-2025-52040
In Frappe ERPNext 15.57.5, the function get_blanket_orders() in erpnext/controllers/queries.py is vulnerable to SQL Injection via the blanket_order_type parameter due to unvalidated inputs, enabling an attacker to extract information from databases. The public documents do not provide exploitatio...