Security Advisory

CVE-2025-52049

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-30 00:00:00

Last updated 2025-09-30 19:37:58

Assigner mitre

State PUBLISHED

Description

In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter.

← Browse all CVEs View on cve.org ↗