Frappe · Frappe · CVE-2026-31877
**Name of the Vulnerable Software and Affected Versions**
Frappe versions prior to 15.84.0 and 14.99.0
**Description**
Frappe is a full-stack web application framework. A specially crafted request to a certain endpoint could result in SQL injection, potentially allowing an attacker to extract information they wouldn't otherwise be able to access. The issue involves a bypass of access controls due to improper field sanitization.
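The bug class the description names (caller-supplied field names reaching SQL without sanitization, which sidesteps field-level access control) is illustrated below as a weak query builder beside a hardened one. This is an added generic example, not Frappe's code or the affected endpoint; the tables, function names and `PERMITTED_FIELDS` are hypothetical and the data is constructed.

```python
import re
import sqlite3

PERMITTED_FIELDS = {"name", "title"}  # hypothetical: fields this caller may read
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def make_db():
    """Constructed sample data: 'notes' is readable by the caller, 'api_keys' is not."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE notes (name TEXT, title TEXT, owner TEXT);
        CREATE TABLE api_keys (user TEXT, secret TEXT);
        INSERT INTO notes VALUES ('N-1', 'Minutes', 'alice');
        INSERT INTO api_keys VALUES ('admin', 'constructed-secret');
    """)
    return db


def list_notes_unsafe(db, fields):
    # Weak pattern: field names are pasted into the SELECT list, so any string
    # that parses as an SQL expression is evaluated by the database.
    return db.execute(f"SELECT {', '.join(fields)} FROM notes").fetchall()


def list_notes_safe(db, fields):
    # Hardened pattern: every field must be a bare identifier AND be in the
    # caller's permitted set before it is placed in the SQL text.
    for field in fields:
        if not IDENTIFIER.fullmatch(field) or field not in PERMITTED_FIELDS:
            raise PermissionError(f"field not allowed: {field!r}")
    columns = ", ".join(f'"{field}"' for field in fields)
    return db.execute(f"SELECT {columns} FROM notes").fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = ["name", "(SELECT secret FROM api_keys)"]  # constructed input
    print("unsafe:", list_notes_unsafe(db, crafted))      # leaks the other table
    try:
        list_notes_safe(db, crafted)
    except PermissionError as exc:
        print("safe:  ", exc)
```
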
**Recommendations**
Update to Frappe version 15.84.0 or 14.99.0.