In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-11
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-10-05
Page 4