3 matches found
CVE-2018-3885
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The orderby parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger thes...
CVE-2018-3885
CVE-2018-3885 describes an exploitable SQL injection in the authenticated portion of ERPNext v10.1.6. The vulnerability allows injection via the order_by parameter in web requests, enabling data compromise. Exploitation can be performed using a browser (no special tools). Connected sources (Talos...
Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities
Vulnerabilities discovered by Yuri Kramar from the Cisco Security Advisor Team Overview Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning ERP cloud application. These...