MoAlali/CVE-2025-56381

Releases0

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-56381 ↗	Oct 2, 2025Thursday, 2 October 2025, 14:15	6.5 MEDIUM	—
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.