CVE-2018-20061

Published Dec 11, 2018

Last updated 6 years ago

CVSS high 7.5

Overview

Description: A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D15E6CA-D0E1-493A-B300-7AF679D33F44",
            "versionEndIncluding": "10.1.76",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFAED978-36E5-459B-B94C-E76F545D6917",
            "versionEndExcluding": "11.0.3",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9DCB37E-061E-44D6-A686-6464B5BE54D2"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93C2D6DF-B4E5-434B-8632-DB1DF10CE5E9"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C6F3220-13B5-4504-87DB-09495E5E1386"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6AFF494-240F-4981-B4EC-24771A6E1E4C"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69D3FEA8-FC3F-434E-AFA6-D03D8EFAC524"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9D81630-3EE2-498E-9A76-0F0C1CDD1A15"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3367D0E-5701-4FCA-8307-0FA7D25D71E3"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DBD878F-935B-427F-B6DF-4DA4356E9843"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE5DFE4-55B8-4F68-8C3A-2CDC13D8A735"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F22BFC9-CA3D-4B57-AD93-1B5094D69508"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5E71D9-CCD4-47F4-9AC8-4E4A112E9C0A"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA394555-C3A0-4142-B023-60A9014C87E8"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B5C737A-A824-4E7D-A8D6-A0E0A4AE710A"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E4D6A6-2F64-4DB8-9946-5E54FE889E6C"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AAD166B-0B54-4D74-A61D-A17F34C403F6"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2856944B-7178-414D-B485-5B8C4D88E95D"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27EE33DF-6485-463D-BB51-33D4295D3E55"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBEED6D7-3EA2-4BC0-B7F8-5F104F90EB82"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5E9A6A8-A210-467F-888C-1327C8E5F5D0"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta28:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97CA5919-E7B0-417B-BF91-6B407F83F167"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta29:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C2C925-F3D3-4C5D-A281-2BE62F32BB52"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0411AA32-05B2-49C2-A0DC-8F74BDABCA3B"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9DFDFA-9387-46C2-BC9C-58A90713F0E6"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86661EEC-799A-404B-A847-D91A00403F3C"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AFA67C7-6829-4160-A7C8-B3DD56E60CF3"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E1D4DA-2D89-4CD5-B34F-33D96BD2C341"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B4BE801-0FF0-4B44-8DCF-E2805DCC39A6"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4AE27CF-FCAF-4491-AAC1-8EB5E5C5FD6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References