3 matches found
CVE-2018-3884
CVE-2018-3884 pertains to ERPNext v10.1.6 where the authenticated UI exposes SQL injection in the stock dashboard’s data retrieval. The vulnerability is triggered via the sort_by parameter (and related input paths in the Talos report) through normal web requests, potentially enabling data exposur...
CVE-2018-3884
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...
Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities
Vulnerabilities discovered by Yuri Kramar from the Cisco Security Advisor Team Overview Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning ERP cloud application. These...