Thursday, September 6, 2018

Vulnerability Spotlight: TALOS-2018-0560 – ERPNext SQL Injection Vulnerabilities


Threat Research

Vulnerability Spotlight: TALOS-2018-0560 – ERPNext SQL Injection Vulnerabilities

Overview

Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These vulnerabilities enable an attacker to bypass authentication and get unauthenticated access to sensitive data. An attacker can use a normal web browser to trigger these vulnerabilities — no special tools are required.

<<READ MORE>>



from Cisco Blog » Security https://ift.tt/2MVHryg
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)