漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Frappe has possibility of SQL injection due to improper validations
Vulnerability Description
Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known workarounds are available.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Frappe Technologies Frappe SQL注入漏洞
Vulnerability Description
Frappe Technologies Frappe是印度Frappe Technologies公司的一款基于Python和JavaScript的元数据驱动的全栈Web应用程序框架。 Frappe Technologies Frappe 14.93.2之前版本和15.55.0之前版本存在SQL注入漏洞,该漏洞源于SQL注入,可能导致访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A