Frappe · ERPNext · CVE-2026-44446
**Name of the Vulnerable Software and Affected Versions**
ERPNext versions prior to 15.104.3
ERPNext versions prior to 16.14.0
**Description**
Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker to extract sensitive information via specially crafted requests.
**Recommendations**
Update to version 15.104.3.
Update to version 16.14.0.