SQL Injection Vulnerability in frappe.share.get_users

SQL Injection Vulnerability in frappe.share.get_users

CVE-2017-1000120 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.