Security Advisory

CVE-2025-11461

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-26 17:45:05

Last updated 2025-12-03 16:16:06

Assigner Fluid Attacks

State PUBLISHED

Description

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

← Browse all CVEs View on cve.org ↗