Vulnerabilities discovered by Yuri Kramarz from Cisco Security Advisor Team. Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. These vulnerabilities enable an attacker to bypass authentication and gain unauthenticated access to sensitive data. An attacker can trigger these vulnerabilities with a normal web browser; no special tools are required. The vulnerabilities were assigned the CVE IDs CVE-2018-3882 – CVE-2019-3885. The following Snort rules will detect exploitation attempts.
Source: https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-talos-2018-0560.html

