Seeking Assistance After SQL Injection Attack on ERPNext

My ERPNext deployment was subjected to an SQL injection attack. The attacker was able to inject a malicious

script into our MariaDB database, which redirected users to an unauthorized domain upon login. We identified and removed the malicious script from the tabFile table in the file_url field within MariaDB.

However, even after cleaning the database, the issue persists when switching to desk mode, anyone can suggest how to fix this ?


This is serious. What version are you on please give more details about your environment so that framework team can assist you.

1 Like

Above is the Docker compose file i have used , I have modified according to my need . I was using Ec2 instance to deploy this

1 Like

Why are you publishing ports to host? Mariadb 3306, frontend 8080 is available for access? Are those ports protected by firewall?

You should only publish port 80 and 443 through nginx and only reverse proxy everything else from docker network without exposing host ports.

1 Like

The port 8080 is opened in Security groups of AWS Ec2 , I enabled port 3306 in security groups so that i can connect to mariadb from a dekstop database client like dbeaver.
Deployment became vulnerable because i exposed ports ?

1 Like

hope your password is not admin and a more secure one which cannot be guessed easily.

I would think leaving a database port open is asking for trouble. At the very least you should limit IP address access.

How about using ssh and a private key to manage your DBMS instead? Most database management tools should support that.

you dont need to expose those ports!

To connect in MySQL with Dbeaver, just use they SSH tunnel connection!

It works like a charm for me!