mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
922 B
922 B
CVE-2018-3885
Description
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
POC
Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0560
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0560
Github
No PoCs found on GitHub currently.