5 matches found
📄 ERPNext 14.82.1 Cross Site Request Forgery
ERPNext versions 14.82.1 and below suffer from a cross site request forgery vulnerability. Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage:...
CVE-2025-28062
creationtimestamp| type| source ---|---|--- 2025-05-05 20:03:55+00:00| seen| https://t.me/cvedetector/24475 2025-05-07 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lomcacts522k 2025-05-13 19:31:08+00:00| published-proof-of-concept|...
CVE-2025-28062
A Cross-Site Request Forgery CSRF vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections...
CVE-2025-28062
CVE-2025-28062 is a CSRF vulnerability in ERPNext versions 14.82.1 and 14.74.3. The issue arises from missing CSRF protections on critical administrative API endpoints (e.g., /api/method/frappe.desk.reportview.delete_items and /api/method/frappe.desk.form.save.savedocs), enabling an authenticated...
CVE-2025-28062
A Cross-Site Request Forgery CSRF vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections...