Security Advisory

CVE-2025-52044

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-16 00:00:00

Last updated 2025-09-17 13:43:03

Assigner mitre

State PUBLISHED

Description

In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict parameter.

← Browse all CVEs View on cve.org ↗