SQL Injection Vulnerability in frappe.share.get_users
CVE-2017-1000120 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.