Tín Phạm (aka TF1T)

14 exploits Active since Oct 2023
CVE-2023-44008 WRITEUP CRITICAL WRITEUP
mojoportal 2.7.0.0 - Remote Code Execution via File Manager Upload
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVSS 9.8
CVE-2023-44009 WRITEUP CRITICAL WRITEUP
mojoportal 2.7.0.0 - Remote Code Execution via Skin Management File Upload
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.
CVSS 9.8
CVE-2023-44011 WRITEUP CRITICAL WRITEUP
mojoportal 2.7.0.0 - Remote Code Execution via Skin Management Layout.master File
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.
CVSS 9.8
CVE-2023-44012 WRITEUP MEDIUM WRITEUP
mojoportal 2.7.0.0 - Cross-Site Scripting via Help.aspx helpkey Parameter
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
CVSS 6.1
CVE-2025-52039 WRITEUP HIGH WRITEUP
Frappe ERPNext 15.57.5 - SQL Injection via txt Parameter in get_material_requests_based_on_supplier()
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter.
CVSS 8.2
CVE-2025-52040 WRITEUP HIGH WRITEUP
Frappe ERPNext 15.57.5 - SQL Injection via blanket_order_type Parameter
In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type parameter.
CVSS 8.2
CVE-2025-52041 WRITEUP HIGH WRITEUP
Frappe ERPNext 15.57.5 - SQL Injection via inventory_dimensions_dict Parameter
In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter.
CVSS 8.2
CVE-2025-52042 WRITEUP HIGH WRITEUP
Frappe ERPNext 15.57.5 - SQL Injection via txt Parameter in get_rfq_containing_supplier()
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter.
CVSS 8.2
CVE-2025-52043 WRITEUP MEDIUM WRITEUP
Frappe ERPNext v15.57.5 - SQL Injection via import_coa() company parameter
In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter.
CVSS 6.5
CVE-2025-52044 WRITEUP HIGH WRITEUP
Frappe ERPNext 15.57.5 - SQL Injection via get_stock_balance() inventory_dimensions_dict Parameter
In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict parameter.
CVSS 7.5
CVE-2025-52047 WRITEUP MEDIUM WRITEUP
Frappe ErpNext v15.57.5 - SQL Injection via filters.disabled Parameter
In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter.
CVSS 6.5
CVE-2025-52048 WRITEUP MEDIUM WRITEUP
Frappe 14.0.0-14.96.10 - SQL Injection via dt Parameter in add_tag()
In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at `frappe/desk/doctype/tag/tag.py` is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the `dt` parameter.
CVSS 6.5
CVE-2025-52049 WRITEUP MEDIUM WRITEUP
Frappe ErpNext v15.57.5 - SQL Injection via timelog Parameter in get_timesheet_detail_rate()
In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter.
CVSS 6.5
CVE-2025-52050 WRITEUP MEDIUM WRITEUP
Frappe ERPNext 15.57.5 - SQL Injection via Loyalty Program Expiry Date Parameter
In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter.
CVSS 6.5