First published: Mon Aug 12 2019(Updated: )
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Frappe Frappe | >=10.0.0<=12.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability identifier of this issue is CVE-2019-14966.
The severity of CVE-2019-14966 is high with a CVSS score of 8.8.
The affected software is Frappe Framework versions 10 through 12 before 12.0.4.
The vulnerability is an authenticated SQL injection.
To fix CVE-2019-14966, upgrade Frappe Framework to version 12.0.4 or later.