Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
erpnext vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-6145
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Frappe Erpnext 11.1.38
578
VMScore
CVE-2018-3882
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a br...
Erpnext Erpnext 10.1.6
578
VMScore
CVE-2018-3883
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker ...
Erpnext Erpnext 10.1.6
578
VMScore
CVE-2018-3884
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL injection attack. An attacker can us...
Erpnext Erpnext 10.1.6
578
VMScore
CVE-2018-3885
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a brows...
Erpnext Erpnext 10.1.6
578
VMScore
CVE-2017-1000120
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
Frappe Frappe
490
VMScore
CVE-2022-23055
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker c...
Frappe Erpnext 11.0.3
Frappe Erpnext
445
VMScore
CVE-2018-20061
A SQL injection issue exists in ERPNext 10.x and 11.x up to and including 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaSc...
Frappe Erpnext
Frappe Erpnext 11.0.3
435
VMScore
CVE-2018-11339
An XSS issue exists in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
Frappe Erpnext 11.x.x-develop B1036e5
1 EDB exploit
383
VMScore
CVE-2019-20515
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.
Frappe Erpnext 11.1.47
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »