Yeuchimse

#11331de 53,638
24.3CVSS total
Vulnerabilidades · 3
Alta
3
PT-2025-12807
7.5
2025-03-25
Unknown · Frappe Framework · CVE-2025-30212
**Nome do Software Vulnerável e Versões Afetadas** Versões do Frappe Framework anteriores à 14.89.0 Versões do Frappe Framework anteriores à 15.51.0 **Descrição** Um problema de segurança foi identificado no Frappe Framework, que é um framework de aplicação web full-stack. O problema está relacionado a Injeção de SQL, permitindo que um ator malicioso acesse informações sensíveis. **Recomendações** Para versões anteriores à 14.89.0, atualize para a versão 14.89.0 ou posterior para resolver o problema. Para versões anteriores à 15.51.0, atualize para a versão 15.51.0 ou posterior para resolver o problema.
PT-2025-12809
8.8
2025-03-25
Frappe · Frappe · CVE-2025-30213
**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.91.0 and prior to 15.52.0 **Description** Frappe is a full-stack web application framework. A system user could create specific documents in a manner that allows for remote code execution. **Recommendations** Frappe versions prior to 14.91.0 must be upgraded to version 14.91.0 or later. Frappe versions prior to 15.52.0 must be upgraded to version 15.52.0 or later.
PT-2025-12810
8.0
2025-03-25
Frappe · Frappe · CVE-2025-30214
**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.89.0 Frappe versions prior to 15.51.0 **Description** The issue allows for information disclosure through crafted requests, potentially leading to account takeover. **Recommendations** For versions prior to 14.89.0, update to version 14.89.0 or later. For versions prior to 15.51.0, update to version 15.51.0 or later. At the moment, there is no information about other workarounds that can fix this issue without upgrading.