High severity8.8NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026
CVE-2018-3883
CVE-2018-3883
Description
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Talos/ERPNextv5Range: ERPNext v10.1.6 (master)
Patches
Vulnerability mechanics
References
1- talosintelligence.com/vulnerability_reports/TALOS-2018-0560nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.