Frappe SQL Injection Vulnerability Allowing Access to Sensitive Information

Vulnerability

A SQL injection vulnerability has been identified in the Frappe web application framework, affecting versions prior to 14.94.3 and 15.58.0. The vulnerability arises from improper validation, allowing an attacker to craft requests that could access sensitive information. This issue has been addressed in the fixed versions; no alternative workarounds are available.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries and potentially access or modify sensitive information.
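The advisory does not disclose which Frappe code path is affected, so the following is an added, self-contained illustration of the bug class in general, not Frappe's code and not a reproduction of this issue. It uses an in-memory SQLite table with constructed rows to contrast a query that splices a request value into the SQL text with the parameterized form, adds an allowlist check for identifiers (such as sort columns) that cannot be bound as parameters, and includes a simple heuristic a defender might run over request logs. The table, the `SORTABLE_COLUMNS` allowlist and all function names are assumptions made for this example.

```python
import re
import sqlite3

# Constructed sample data (not from Frappe); stands in for a table that an
# API endpoint filters on a caller-supplied value.
ROWS = [
    ("alice", "alice@example.com", "Administrator"),
    ("bob", "bob@example.com", "Guest"),
    ("carol", "carol@example.com", "System Manager"),
]

# Hypothetical allowlist of columns a caller may sort by (assumption for the example).
SORTABLE_COLUMNS = {"name", "email", "role"}


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable pattern: the request value is spliced into the SQL text,
    so the caller controls the statement's structure, not just a value."""
    sql = f"SELECT name, email, role FROM user WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened pattern: the value is passed as a bound parameter and can
    never alter the statement's structure."""
    sql = "SELECT name, email, role FROM user WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def order_by_safe(conn, column):
    """Identifiers cannot be bound as parameters, so validate them against a
    fixed allowlist before interpolating; anything else is rejected."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    return conn.execute(f"SELECT name FROM user ORDER BY {column}").fetchall()


def looks_like_injection(value):
    """Cheap detection heuristic for request logs: a quote followed by a SQL
    boolean, set or comment token. Tune against real traffic before relying on it."""
    return re.search(r"'\s*(or|and|union|--|;)", value, re.IGNORECASE) is not None


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"
    print("unsafe rows:", len(lookup_unsafe(conn, crafted)))  # every row leaks
    print("safe rows:  ", len(lookup_safe(conn, crafted)))    # no match
    print("flagged:    ", looks_like_injection(crafted))
```

The point of the comparison is that in `lookup_safe` the same crafted value is treated purely as data and matches nothing, while `order_by_safe` shows the complementary rule for the parts of a statement (table and column names, sort direction) where parameter binding is unavailable and only strict allowlisting closes the gap.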

Remediation

Users are advised to upgrade to Frappe versions 14.94.3 or 15.58.0.

Added: Jun 30, 2025, 5:40 PM
Updated: Jun 30, 2025, 7:26 PM

Vulnerability Rating (custom algorithm)

  spread          5.2
  impact          2.5
  exploitability  6.1
  remediation     7.7
  relevance       0.2
  threat          3.2
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.