3 matches found
ERPNext import_coa function SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...
CVE-2025-52043
In Frappe ERPNext v15.57.5, the function importcoa at erpnext/accounts/doctype/chartofaccountsimporter/chartofaccountsimporter.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...
PT-2025-39989
Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The import coa function located at erpnext/accounts/doctype/chart of accounts importer/chart of accounts importer.py is susceptible to SQL injection. An attacker can inject a SQL query through the...