PT-2025-49978 · Frappe · Frappe Helpdesk
Cristian Vargas
·
Publicado
2025-12-05
·
Atualizado
2026-01-06
·
CVE-2025-10655
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Frappe HelpDesk version 1.14.0
Description
A SQL injection issue exists in Frappe HelpDesk within the
get dashboard data function of the dashboard component. This is due to the unsafe combination of user-supplied data directly into SQL queries. The vulnerability allows for potential unauthorized access or modification of data.Recommendations
Apply updates to address the SQL injection issue in the
get dashboard data function.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Frappe Helpdesk