17 matches found
ERPNext inventory_dimensions_dict parameter SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext has a SQL injection vulnerability in the inventory_dimensions_dict parameter, which an attacker can exploit to obtain database information...
EUVD-2025-29577
Malicious code in bioql PyPI...
EUVD-2025-32017
Malicious code in bioql PyPI...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function get_stock_balance_for at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function get_stock_balance_for at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function get_stock_balance_for at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function get_stock_balance_for at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
PT-2025-40245
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5 Description: The get_stock_balance_for function located at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is susceptible to SQL Injection. An attacker can inject a SQL query through the invento...
ERPNext security vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext has a SQL injection vulnerability in the inventory_dimensions_dict parameter, which an attacker can exploit to obtain database information...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function get_stock_balance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function get_stock_balance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function get_stock_balance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function get_stock_balance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
PT-2025-37984
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5 Description: Frappe ERPNext version 15.57.5 contains a SQL injection issue in the get_stock_balance function located at erpnext/stock/utils.py. An attacker can inject a SQL query into the inventory_dimensions_di...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function get_stock_balance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the get_stock_balance() function in erpnext/stock/utils.py is vulnerable to SQL Injection via the inventory_dimensions_dict parameter, potentially allowing an attacker to extract data from databases. Connected documents confirm the affected software, vulnerable compone...
ERPNext security vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext version v15.57.5 that stems from insufficient validation of the inventory_dimensions_dict parameter, which could lead to an SQL injection attack...