Vietsunshine

**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 15.72.0 Frappe versions prior to 14.96.10 **Description** The `add tag()` function at `frappe/desk/doctype/tag/tag.py` is susceptible to SQL Injection. This allows an attacker to extract information from databases by injecting a SQL query into the `dt` parameter. **Recommendations** Update Frappe to version 15.72.0 or later. Update Frappe to version 14.96.10 or later.

**Name of the Vulnerable Software and Affected Versions** ERP versions prior to 14.89.2 ERP versions 15.0.0 through 15.75.1 **Description** ERP, a free and open source Enterprise Resource Planning tool, is susceptible to error-based SQL Injection due to insufficient validation of parameters. This allows retrieval of some information, such as the version. **Recommendations** Update to ERP version 14.89.2 or later. Update to ERP version 15.76.0 or later.