27 matches found
EUVD-2018-11243
Malware in sbrugna...
EUVD-2025-32134
Malicious code in bioql PyPI...
EUVD-2022-6568
Malicious code in bioql PyPI...
CVE-2025-56380
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...
CVE-2025-56380
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...
CVE-2025-56380
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...
Frappe Technologies Frappe Framework ๅฎๅ จๆผๆด
Frappe Technologies Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe Framework version 15.72.4, which stems from an SQL injection in the fieldnam...
๐ ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection
A time-based blind SQL injection vulnerability was discovered in the frappe.client.getvalue API endpoint in Frappe Framework version 15.72.4 and it is also present in ERPNext version 15.67.0. An authenticated user with access to the reporting/client API can inject SQL via the fieldname parameter...
CVE-2025-56380
CVE-2025-56380 affects Frappe Framework/ERPNext codebase (Frappe v15.72.4; ERPNext v15.67.0) via a SQL injection in the fieldname parameter of the frappe.client.get_value API endpoint. The vulnerability arises from unsafe concatenation of user input into SQL within the /api/method/frappe.client.g...
PT-2025-40353
Name of the Vulnerable Software and Affected Versions Frappe Framework version 15.72.4 Description A SQL injection issue exists in Frappe Framework. The issue is located in the fieldname parameter of the frappe.client.get value API endpoint. A crafted script provided to the fieldname parameter ca...
CVE-2025-56380
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...
CVE-2025-56380
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...
CVE-2022-36272
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter...
Faculty Management System SQL Injection Vulnerability
Faculty Management System is a code-projects open source faculty management system . Faculty Management System version 1.0 SQL injection vulnerability , the vulnerability stems from /admin/php/crud.php in the presence of an unknown function , through the parameter fieldname lead to SQL injection...
PT-2023-32870
Name of the Vulnerable Software and Affected Versions code-projects Faculty Management System version 1.0 Description A critical issue affects some unknown functionality of the file /admin/php/crud.php. The manipulation of the fieldname argument leads to sql injection. The attack may be launched...
CVE-2023-37826
A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter...
CVE-2023-37826
A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter...
CVE-2023-37826
A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter...
General Solutions Steiner CASE 3 Taskmanagement Cross-Site Scripting Vulnerability
General Solutions Steiner CASE 3 Taskmanagement is an application from General Solutions Steiner, Austria. A security vulnerability exists in General Solutions Steiner CASE 3 Taskmanagement version V3.3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a...
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter...