Frappe SQL Injection Vulnerability Allowing Unauthorized Information Extraction

Vulnerability

A SQL injection vulnerability has been identified in the Frappe web application framework, affecting versions prior to 15.84.0 and 14.99.0. The issue arises from improper sanitization of input fields, allowing attackers to craft specific requests that manipulate SQL queries. This exploitation could lead to unauthorized data extraction.

Impact

Exploitation of this vulnerability allows SQL injection, enabling attackers to read information they are not authorized to access.

Remediation

Users are advised to upgrade to Frappe versions 15.84.0 or 14.99.0.
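As an added check, not part of the advisory or of the Frappe project, the following Python decides whether a given Frappe version string falls inside the affected range stated above. It assumes plain X.Y.Z version strings (optionally prefixed with "v" or carrying a pre-release suffix) and, as an assumption the page does not state, treats release lines older than 14.x as affected because they predate both fixed releases.

```python
# Added example: classify a Frappe version against the fixed versions named in
# the advisory (15.84.0 on the 15.x line, 14.99.0 on the 14.x line).
import re
from typing import Optional, Tuple

# Fixed versions exactly as given in the advisory, keyed by release line (major).
FIXED_VERSIONS = {14: (14, 99, 0), 15: (15, 84, 0)}

# Accepts "15.83.1", "v15.83.1" or "15.83.1-rc1"; anything else is rejected.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]*)?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """Return True if affected, False if fixed, None if the release line is
    not covered by this advisory (e.g. 16.x, for which the page says nothing).

    Assumption (not on the page): lines older than 14.x are treated as
    affected, since they predate both fixed releases.
    """
    parsed = parse_version(version)
    major = parsed[0]
    if major < 14:
        return True
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        return None
    # Pre-release suffixes are ignored: a 15.84.0-rc build is treated as 15.84.0.
    return parsed < fixed


if __name__ == "__main__":
    for v in ("15.83.2", "15.84.0", "v14.98.7", "14.99.0", "16.0.0"):
        print(v, "->", is_affected(v))
```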

Added: Mar 11, 2026, 7:30 PM
Updated: Mar 11, 2026, 7:30 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.