3 matches found
CVE-2018-3882
ERPNext v10.1.6 contains exploitable SQL injection vulnerabilities in the authenticated area, notably via the searchfield parameter, enabling data compromise through crafted requests. Multiple sources (NVD entry CVE-2018-3882 and TALOS reports TALOS-2018-0560, TALOSBLOG) confirm SQLi in authentic...
CVE-2018-3882
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger...
Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities
Vulnerabilities discovered by Yuri Kramar from the Cisco Security Advisor Team Overview Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning ERP cloud application. These...