CVE-2025-52048
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at `frappe/desk/doctype/tag/tag.py` is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the `dt` parameter.
Low code web framework for real world applications, in Python and Javascript
GitHub