ГлавнаяУязвимости → CVE-2025-66205
7.1высокая

CVE-2025-66205

Описание

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2.

Затрагиваемое ПО
Frappe Frappe
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Источники
https://github.com/frappe/frappe/commit/984c641bff9539b6126a01146096f133db6a955bhttps://github.com/frappe/frappe/security/advisories/GHSA-mp93-8vxr-hqq9