VYPR
High severity8.8NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026

CVE-2018-3883

CVE-2018-3883

Description

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Frappe/Erpnext2 versions
    cpe:2.3:a:frappe:erpnext:10.1.6:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:frappe:erpnext:10.1.6:*:*:*:*:*:*:*
    • (no CPE)range: =10.1.6
  • Talos/ERPNextv5
    Range: ERPNext v10.1.6 (master)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.