Datnlq

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get stock balance for()` function located at `erpnext/stock/doctype/stock reconciliation/stock reconciliation.py` is susceptible to SQL Injection. An attacker can inject a SQL query through the `inventory dimensions dict` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix to the `get stock balance for()` function at `erpnext/stock/doctype/stock reconciliation/stock reconciliation.py` to prevent SQL Injection through the `inventory dimensions dict` parameter.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The function `get blanket orders()` at `erpnext/controllers/queries.py` is susceptible to SQL Injection. An attacker can potentially extract information from databases by injecting a SQL query into the `blanket order type` parameter. **Recommendations** Apply a fix for the SQL Injection issue in the `get blanket orders()` function at `erpnext/controllers/queries.py` in version 15.57.5.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get material requests based on supplier()` function located at `erpnext/stock/doctype/material request/material request.py` is susceptible to SQL Injection. An attacker can inject a SQL query into the `txt` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix to the `get material requests based on supplier()` function at `erpnext/stock/doctype/material request/material request.py` to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get rfq containing supplier()` function located at `erpnext/buying/doctype/request for quotation/request for quotation.py` is susceptible to SQL Injection. An attacker can inject a SQL query through the `txt` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix that properly sanitizes the `txt` parameter used in the `get rfq containing supplier()` function.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `get loyalty program details with points()` function located at `erpnext/accounts/doctype/loyalty program/loyalty program.py` is susceptible to SQL Injection. An attacker can inject a SQL query into the `expiry date` parameter, potentially allowing extraction of all information from databases. **Recommendations** Apply a fix to the `get loyalty program details with points()` function at `erpnext/accounts/doctype/loyalty program/loyalty program.py` to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** The `import coa()` function located at `erpnext/accounts/doctype/chart of accounts importer/chart of accounts importer.py` is susceptible to SQL injection. An attacker can inject a SQL query through the `company` parameter, potentially allowing extraction of all data from databases. The vulnerable function is `import coa()`. **Recommendations** Apply a fix for Frappe ERPNext version 15.57.5 to address the SQL injection issue in the `import coa()` function.

**Name of the Vulnerable Software and Affected Versions** Frappe ErpNext version 15.57.5 **Description** The `get timesheet detail rate()` function located at `erpnext/projects/doctype/timesheet/timesheet.py` is susceptible to SQL Injection. This allows an attacker to extract information from databases by injecting SQL queries through the `timelog` parameter. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `get timesheet detail rate()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Frappe ERPNext version 15.57.5 **Description** Frappe ERPNext version 15.57.5 contains a SQL injection issue in the `get stock balance()` function located at `erpnext/stock/utils.py`. An attacker can inject a SQL query into the `inventory dimensions dict` parameter, potentially allowing them to extract information from databases. **Recommendations** Update to version 15.57.6 or later.

**Name of the Vulnerable Software and Affected Versions** Totolink X6000R version V9.4.0cu.1360 B20241207 **Description** The device contains a command injection issue in the `sub 4184C0` function. An unauthenticated attacker can execute arbitrary commands by sending a crafted request through the `tz` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CraftCMS version 3.7.59 **Description** The issue concerns Server-Side Template Injection (SSTI), where an authenticated attacker can inject Twig Template into the User Photo Location field in User Settings, potentially leading to Remote Code Execution. However, the vendor disputes this vulnerability, stating that only Administrators can add this Twig code and are allowed to do so by design. The maintainers of Craft CMS also note that administrators have legitimate business needs for their permissions and that the underlying issue likely has little to no real-world security impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.