Frappe has possibility of SQL injection due to improper validations
SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information.
Advisories for Pypi/Frappe package
2025
Frappe vulnerable to information disclosure leading to account takeover
Making crafted requests could lead to information disclosure that could further lead to account takeover.
Frappe has possibility of SQL injection due to improper validations
An SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information.
Frappe has Possibility of Remote Code Execution due to improper validation
A system user was able to create certain documents in a specific way that could lead to RCE.