5 matches found
ERPNext inventory_dimensions_dict parameter SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that originates from the presence of SQL injection in the inventorydimensionsdict parameter, which can be exploited by an attacker to obtain database information...
EUVD-2025-32017
Malicious code in bioql PyPI...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function getstockbalancefor at erpnext/stock/doctype/stockreconciliation/stockreconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventorydimensionsdict parameter...
ERPNext 安全漏洞
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that originates from the presence of SQL injection in the inventorydimensionsdict parameter, which can be exploited by an attacker to obtain database information...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...