4 matches found
CVE-2025-56381
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...
CVE-2025-56381
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...
CVE-2025-56381
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the orderby and groupby parameters...
ERPNext SQL Injection Vulnerability (CNVD-2020-44886)
ERPNext is an open source enterprise resource planning solution from ERPNext India. A SQL injection vulnerability exists in the 'frappe.desk.reportview.get' function in ERPNext version 11.1.38. The vulnerability stems from a lack of validation of externally entered SQL statements in database-base...