An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. There exists an authenticated SQL injection.
frappe frappe