Security Advisory

CVE-2017-1000120

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-04 01:00:00

Last updated 2024-09-17 01:40:58

Assigner mitre

State PUBLISHED

Description

[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.

← Browse all CVEs View on cve.org ↗