High severity8.8NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026
CVE-2018-3885
CVE-2018-3885
Description
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Talos/ERPNextv5Range: ERPNext v10.1.6 (master)
Patches
Vulnerability mechanics
References
1- talosintelligence.com/vulnerability_reports/TALOS-2018-0560nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.