CVE-2025-52049 | Frappe ErpNext 15.57.5 timesheet.py get_timesheet_detail_rate timelog sql injection

SecurityVulns

A vulnerability classified as critical was found in Frappe ErpNext 15.57.5. The affected element is the function get_timesheet_detail_rate in the file erpnext/projects/doctype/timesheet/timesheet.py. Manipulating the argument timelog can lead to SQL injection.

This vulnerability is tracked as CVE-2025-52049. The attack can be performed remotely. There is no available exploit.