mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
931 B
931 B
CVE-2018-3884
Description
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
POC
Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0560
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0560
Github
No PoCs found on GitHub currently.