CVE-2023-54345

HIGH

Frappe Framework ERPNext 13.4.0 Remote Code Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54345. PoCs published by Sander Ferdinand.

AI-analyzed exploit summary This exploit demonstrates a sandbox escape in Frappe Framework (ERPNext) 13.4.0 by leveraging RestrictedPython's unsafe handling of `gi_frame` to achieve remote code execution. It requires 'System Manager' role and `server_script_enabled` set to `true`.

Description

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands.

Exploits (1)

exploitdb WORKING POC

by Sander Ferdinand · textwebappspython

https://www.exploit-db.com/exploits/51580

View Code ZIP pw:eip

This exploit demonstrates a sandbox escape in Frappe Framework (ERPNext) 13.4.0 by leveraging RestrictedPython's unsafe handling of `gi_frame` to achieve remote code execution. It requires 'System Manager' role and `server_script_enabled` set to `true`.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Frappe Framework (ERPNext) 13.4.0

Auth required

Prerequisites: System Manager role · server_script_enabled set to true

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 05, 2026 Full analysis →

References (8)

Core 8

Core References

Exploit exploit

ExploitDB-51580

https://www.exploit-db.com/exploits/51580

Product product

Official Product Homepage

http://erpnext.org

Product product

Product Reference

https://github.com/frappe/frappe/

Third Party Advisory third-party-advisory

Reference

https://ur4ndom.dev/posts/2023-07-02-uiuctf-rattler-read/

Product product

Source Code Repository

https://gist.github.com/lebr0nli/c2fc617390451f0e5a4c31c87d8720b6

Third Party Advisory third-party-advisory

Reference

https://frappeframework.com/docs/v13/user/en/desk/scripting/server-script

Product product

Source Code Repository

https://github.com/frappe/frappe/blob/v13.4.0/frappe/utils/safe_exec.py#L42

Third Party Advisory third-party-advisory

VulnCheck Advisory: Frappe Framework ERPNext 13.4.0 Remote Code Execution

https://www.vulncheck.com/advisories/frappe-framework-erpnext-remote-code-execution

Scores

CVSS v3 8.8

EPSS 0.0061

EPSS Percentile 44.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (3)

Erpnext/Frappe Framework (ERPNext) 13.4.0

frappe/erpnext 13.4.0

Frappe Technologies/Frappe Framework (ERPNext) 13.4.0

Published May 05, 2026

Tracked Since May 05, 2026