PT-2019-13900 · Frappe · Frappe Framework

Publicado

2019-08-12

Atualizado

2019-08-16

CVE-2019-14966

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Frappe Framework versions 10 through 12 before 12.0.4

Description An issue was discovered that allows for authenticated SQL injection.

Recommendations For Frappe Framework versions 10 through 12 before 12.0.4, update to version 12.0.4 or later to resolve the issue.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2019-14966

Frappe Framework