CVE-2025-52047 | Frappe ErpNext 15.57.5 queries.py get_income_account filters.disabled SQL injection
A vulnerability categorized as critical has been discovered in Frappe ErpNext 15.57.5. The issue affects the function get_income_account in the file erpnext/controllers/queries.py. Manipulating the argument filters.disabled can lead to SQL injection.
This vulnerability is identified as CVE-2025-52047. The attack may be launched remotely. There is no exploit available.
It is advisable to implement a patch to correct this issue.