CVE-2018-20061
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call.
Se ha descubierto un problema de inyección SQL en ERPNext, en versiones 10.x y 11.x hasta la 11.0.3-beta.29. Este ataque solo está disponible para un usuario que haya iniciado sesión; sin embargo, muchos sitios de ERPNext permiten la creación de cuentas mediante la web. No se necesitan privilegios especiales para llevar a cabo el ataque. Al llamar a una función JavaScript que llama a una función de Python del lado del servidor con argumentos cuidadosamente escogidos, se puede realizar un ataque SQL que permite que se construyan consultas SQL que devuelvan cualquier columna de cualquier tabla de la base de datos. Esto está relacionado con los URI frappe.get_list y frappe.call en /api/resource/Item?fields=.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-11 CVE Reserved
- 2018-12-11 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/frappe/erpnext/issues/15337 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | >= 10.0.0 <= 10.1.76 Search vendor "Frappe" for product "Erpnext" and version " >= 10.0.0 <= 10.1.76" | - |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | >= 11.0.0 < 11.0.3 Search vendor "Frappe" for product "Erpnext" and version " >= 11.0.0 < 11.0.3" | - |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta10 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta11 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta12 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta13 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta14 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta15 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta16 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta17 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta18 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta19 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta2 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta20 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta21 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta22 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta23 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta24 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta25 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta26 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta27 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta28 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta29 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta3 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta4 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta5 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta6 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta7 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta8 |
Affected
| ||||||
| Frappe Search vendor "Frappe" | Erpnext Search vendor "Frappe" for product "Erpnext" | 11.0.3 Search vendor "Frappe" for product "Erpnext" and version "11.0.3" | beta9 |
Affected
| ||||||