CVE-2019-14966

HIGH

Frappe 10.0.0-12.0.3 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.

References (6)

Core 6
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8044
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8045
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8046
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/pull/8047
Patch, Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4
Third Party Advisory x_refsource_misc
https://github.com/frappe/frappe/releases/tag/v12.0.4

Scores

CVSS v3 8.8
EPSS 0.0168
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
frappe/frappe 10.0.0 - 12.0.4
Published Aug 12, 2019
Tracked Since Feb 18, 2026