CVE-2025-52048 in FrappeИнформация

Сводка

по MITRE • 15.09.2025

In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at `frappe/desk/doctype/tag/tag.py` is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the `dt` parameter.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Ответственный

MITRE

Резервировать

16.06.2025

Раскрытие

15.09.2025

Модерация

принято

Вход

VDB-324120

EPSS

0.00244

KEV

Нет

Деятельности

Очень низкий

Источники

Want to stay up to date on a daily basis?

Enable the mail alert feature now!