CVE-2026-47199
Gravedad CVSS v4.0:
BAJA
Tipo:
CWE-89
Neutralización incorrecta de elementos especiales usados en un comando SQL (Inyección SQL)
Fecha de publicación:
10/07/2026
Última modificación:
10/07/2026
Descripción
*** Pendiente de traducción *** Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_query permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in versions 16.18.3 and 15.108.0.
Impacto
Puntuación base 4.0
2.30
Gravedad 4.0
BAJA
Referencias a soluciones, herramientas e información
- https://github.com/frappe/frappe/commit/628e103f7ffe307447d9fc9e2c572cbddedfa3b5
- https://github.com/frappe/frappe/commit/91d3ded038d1c901b73f4a2293e134d691c1662d
- https://github.com/frappe/frappe/pull/39345
- https://github.com/frappe/frappe/pull/39346
- https://github.com/frappe/frappe/releases/tag/v15.108.0
- https://github.com/frappe/frappe/releases/tag/v16.18.3
- https://github.com/frappe/frappe/security/advisories/GHSA-wx8j-cw4r-vrhv



