3 matches found
ERPNext frappe.desk.reportview.get SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1091 ERPNext frappe.desk.reportview.get SQL injection vulnerability August 18, 2020 CVE Number CVE-2020-6145 SUMMARY An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can...
CVE-2020-6145
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6145
CVE-2020-6145 affects ERPNext 11.1.38 via the function frappe.desk.reportview.get . The vulnerability is an SQL injection caused by unsafely handling inputs in the request (e.g., POST data) that flows into database queries, potentially enabling an attacker with authenticated access to manipulate ...