Wednesday, 21 December 2016

SQL Injection in Frappe Framework

During a university project, Fabin Ullrich and I discovered a SQL injection vulnerability in the open-source web framework frappe (

The issue was fixed within one day after contacting the maintainer (fixed version: 2.1.28).

This blog post is a placeholder for a full disclosure, which will follow next year. Stay tuned!