Wednesday, 21 December 2016

SQL Injection in Frappe Framework

During a university project, Fabin Ullrich and I discovered a SQL Injection vulnerability in the open-source web framework frappe (https://github.com/frappe/frappe).

The issue was fixed within one day after contacting the maintainer (fixed version: 2.1.28).

This blog post is a placeholder for a full disclosure, which will follow next year. Stay tuned!
