Security Advisory

CVE-2022-41712

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-25 00:00:00

Last updated 2025-04-29 14:41:11

Assigner Fluid Attacks

State PUBLISHED

Description

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.

← Browse all CVEs View on cve.org ↗