9 matches found
CVE-2025-66205
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-66206
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206 Frappe vulnerable to a path traversal allowing reading certain files
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-66205
CVE-2025-66205 affects the Frappe framework. Prior to versions 15.86.0 and 14.99.2, a specific endpoint mishandled parameter validation, enabling error-based SQL injection and potential disclosure of information such as the version. The vulnerability is fixed in 15.86.0 and 14.99.2. Remediation: ...
CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
PT-2025-48549
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.86.0 Frappe versions prior to 14.99.2 Description Frappe, a full-stack web application framework, contains a flaw due to insufficient validation of parameters. This allows for error-based SQL injection through a...
Frappe Technologies Frappe 路径遍历漏洞
Frappe Technologies Frappe is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe Technologies, India. A path traversal vulnerability exists in Frappe Technologies Frappe versions prior to 15.86.0 and prior to 14.99.2, which stems from a path traversa...