Thursday, September 6, 2018

Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities

Vulnerabilities discovered by Yuri Kramarz from the Cisco Security Advisor Team


Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These vulnerabilities enable an attacker to bypass authentication and get unauthenticated access to sensitive data. An attacker can use a normal web browser to trigger these vulnerabilities — no special tools are required.


The vulnerabilities were assigned to the CVE IDs CVE-2018-3882 - CVE-2018-3885. An attacker can use the following parameters for SQL injection:

CVE-2018-3882 - searchfield parameter

CVE-2018-3883 - employee parameter

CVE-2018-3883 - sort_order parameter

CVE-2018-3884 - sort_by parameter 

CVE-2018-3884 - start parameter
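The parameters listed above (a search field, a sort column, a sort direction and a pagination offset) are the classic SQL sinks that cannot be bound as query parameters, so they need allow-list validation rather than string interpolation. The following is an added, hypothetical handler written for this post, not ERPNext's own code: it allow-lists searchfield, sort_by and sort_order, requires start to be a non-negative integer, binds the only free-text value, and runs against a constructed in-memory table.

```python
import re
import sqlite3

# Constructed sample rows standing in for an ERP employee list
# (illustrative data, not ERPNext's schema).
SAMPLE_ROWS = [
    ("EMP-0001", "Alice", "Sales"),
    ("EMP-0002", "Bob", "Finance"),
    ("EMP-0003", "Carol", "Sales"),
]

# Column names and ORDER BY keywords cannot be passed as bound parameters,
# so they are checked against fixed sets before being placed in the SQL text.
SEARCHABLE_FIELDS = {"name", "employee_name", "department"}
SORT_DIRECTIONS = {"asc", "desc"}


def build_employee_query(searchfield, value, sort_by, sort_order, start, page_len=20):
    """Return (sql, params) for a paginated employee search.

    searchfield/sort_by must be allow-listed columns, sort_order must be
    asc/desc, start must be a non-negative integer; the search value is bound.
    """
    if searchfield not in SEARCHABLE_FIELDS or sort_by not in SEARCHABLE_FIELDS:
        raise ValueError("column not permitted")
    direction = str(sort_order).lower()
    if direction not in SORT_DIRECTIONS:
        raise ValueError("sort order must be asc or desc")
    if not re.fullmatch(r"\d+", str(start)):
        raise ValueError("start must be a non-negative integer")
    sql = (
        f"SELECT name, employee_name, department FROM employee "
        f"WHERE {searchfield} LIKE ? ORDER BY {sort_by} {direction.upper()} "
        f"LIMIT ? OFFSET ?"
    )
    # Only the free-text value and the numeric limits travel as parameters.
    return sql, (f"%{value}%", page_len, int(start))


def search_employees(searchfield, value, sort_by, sort_order, start):
    """Run the validated query against the sample data; return matching IDs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, employee_name TEXT, department TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", SAMPLE_ROWS)
    sql, params = build_employee_query(searchfield, value, sort_by, sort_order, start)
    rows = conn.execute(sql, params).fetchall()
    conn.close()
    return [row[0] for row in rows]
```

Any request whose sort or search column is not on the allow-list, or whose offset is not a plain integer, is rejected before SQL is built, which is the check the affected parameters lacked.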


More technical details can be found in the Talos vulnerability reports.


The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or

Snort Rule: 46165-46172
