Frappe Framework SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Frappe Framework versions prior to 14.93.2 and 15.55.0. This vulnerability could allow a malicious actor to access sensitive information. The issue arises from improper validation, which could be exploited through a specially crafted request.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling access to sensitive information.

Remediation

Users are advised to upgrade to Frappe Framework versions 14.93.2 or 15.55.0.
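
A version check for the remediation above, as an added example that is not part of this advisory or of the Frappe project's code. The host names and version strings in the inventory are constructed, and the handling of branches other than 14 and 15 is an assumption labelled in the code.

```python
import re

# Fixed releases named in the advisory, keyed by major branch.
FIXED = {14: (14, 93, 2), 15: (15, 55, 0)}

# Only plain X.Y.Z (optionally prefixed with "v") is accepted; anything else
# (development or pre-release strings) is sent to manual review.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def status(version_text):
    """Classify one installed Frappe version against the advisory."""
    m = _VERSION_RE.fullmatch(version_text.strip())
    if not m:
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    major = version[0]
    if major in FIXED:
        return "affected" if version < FIXED[major] else "fixed"
    # Assumption: the advisory lists no fixed release for branches older
    # than 14, so they are flagged; branches newer than 15 are treated as
    # later than 15.55.0 and therefore not "prior to" a fixed release.
    return "affected" if major < min(FIXED) else "fixed"


def audit(inventory):
    """Map host -> (version, status) for a {host: version} inventory."""
    return {host: (ver, status(ver)) for host, ver in inventory.items()}


def needs_attention(inventory):
    """Hosts that must be upgraded or reviewed by hand, sorted by name."""
    return sorted(h for h, (_, s) in audit(inventory).items() if s != "fixed")


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "erp-prod": "15.54.3",
    "erp-stage": "v15.55.0",
    "crm": "14.94.0",
    "legacy": "14.93.1",
    "archive": "13.58.0",
    "dev": "15.x.x-develop",
}

if __name__ == "__main__":
    for host, (ver, state) in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {ver:16} {state}")
```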

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.