# 📄 ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection (PACKETSTORM:210129)

* **Posted:** 2025-10-02T12:43:11 on zero redgem (https://zero.redgem.net/?p=19940), author: invoker, category: Exploit
* **Source:** Packet Storm, https://packetstorm.news/files/id/210129/ (download: https://packetstorm.news/download/210129), published 2025-10-02, last seen 2025-10-02T16:53:27
* **Bulletin family:** exploit
* **CVE:** CVE-2025-56380
* **CVSS (as recorded):** none assigned (score 0, vector NONE)

---

# CVE-2025-56380 — Time-based Blind SQL Injection in Frappe / ERPNext (frappe.client.get_value)

📌 **Summary**

A time-based blind SQL injection vulnerability was discovered in the `frappe.client.get_value` API endpoint in Frappe Framework v15.72.4 (and present in the ERPNext v15.67.0 codebase). An authenticated user with access to the reporting/client API can inject SQL via the `fieldname` parameter. By inserting time-delay functions (e.g., `sleep(15)`) into the `fieldname` parameter, an attacker can confirm injection via measurable response delays — enabling denial of service, information disclosure (via blind techniques), and data manipulation.

---

## 🛠 Technical Details

* **Vulnerability Type:** SQL Injection (time-based blind) (CWE-89)
* **Affected Product(s):** Frappe Framework / ERPNext
* **Affected Versions (reported):**

  * Frappe — **15.72.4**
  * ERPNext — **15.67.0** (same code base affected)
* **Affected Component:** `frappe.client.get_value` API method (`frappe/client.py`)
* **Vulnerable Endpoint:**

  ```
  /api/method/frappe.client.get_value
  ```

  Example vulnerable query:

  ```
  /api/method/frappe.client.get_value?doctype=Report&fieldname=ref_doctype+%2F+sleep(15)+&filters=Profit+and+Loss+Statement&_=1752174156893
  ```
* **Vulnerable Parameter:** `fieldname` (improperly sanitized / concatenated into SQL)
* **Attack Type:** Remote (requires authentication and access to the reporting API)
* **Severity:** High (time-based blind SQLi enables data exfiltration, DoS, and manipulation)
* **Estimated CVSS v3.1 Score:** **8.0 (High)** — *estimate based on a remote, authentication-required SQL injection enabling data disclosure and DoS; authoritative scoring should be performed by assigners.*
* **Status:** Not fixed (as reported)
* **Discovered by:** Mohammed Aloli (GitHub: [https://github.com/MoAlali](https://github.com/MoAlali))
* **Date Discovered:** Not specified in report
* **CVE ID:** **CVE-2025-56380**

---

## 🚀 Proof of Concept (PoC) — Time-based Blind SQLi

> **Only test in authorized / lab environments. Do NOT run against systems you do not own or have explicit permission to test.**

**PoC Request (example):**

![image](https://github.com/user-attachments/assets/c840545e-fc68-43f3-a5f0-7a29f2f08248)

```
GET /api/method/frappe.client.get_value?doctype=Report&fieldname=ref_doctype+%2F+sleep(15)+&filters=Profit+and+Loss+Statement&_=1752174156893
```

**Steps to confirm**

1. Authenticate to the target Frappe/ERPNext instance with a user that can access the reporting/get_value API.
2. Send the above GET request (or an equivalent URL-encoded payload).
3. Observe the response time; if the response is delayed by ~15 seconds, this indicates a successful time-based injection.
4. Repeat the same request to confirm reproducibility.
5. Remove the injected `+%2F+sleep(15)+&` payload and observe that the response returns immediately — confirming that the injection causes the time delay.

**Notes:** Replace `sleep(15)` with other time functions or time values suited to the backend DBMS (e.g., `pg_sleep(n)` for PostgreSQL) depending on the DB engine. The PoC demonstrates blind injection via timing; more complex payloads could be used to extract data bit-by-bit.

---

## 🧪 Attack Vectors & Impact

* **Attack vector:** An authenticated user crafts GET requests to `/api/method/frappe.client.get_value` with a malicious `fieldname` parameter containing SQL payloads (time delay functions).
* **Impact:**

  * **Denial of Service:** Forced delays in server response (resource exhaustion if abused).
  * **Information Disclosure:** Blind extraction of data via time-based techniques (bitwise / time-conditional queries).
  * **Data Manipulation:** Potential ability to alter database state if other SQL injection vectors are available.
  * **Other:** Escalation of impact depending on the DB privileges available to the application user.

---

## 🔐 Mitigation Recommendations

1. **Parameterized Queries / Prepared Statements:** Ensure the `fieldname` and all user-supplied input are never concatenated directly into SQL. Use parameterized queries or ORM APIs that properly bind parameters.
2. **Strict Input Validation / Whitelisting:** For parameters that should be field names or identifiers, validate against a strict allowlist of known valid field names, or use server-side mapping rather than accepting raw field identifiers from clients.
3. **Escape Identifiers Safely:** If identifiers must be used dynamically, use safe DB-specific identifier quoting/escaping functions — and *still* restrict the allowed values.
4. **Least Privilege DB Account:** Run the application with a database user that has only the necessary privileges (read-only where possible for reporting endpoints).
5. **Rate-limiting & Monitoring:** Apply rate limits and detect anomalous request patterns or repeated time-delay tests; alert on suspicious traffic.
6. **Audit & Logging:** Log requests to sensitive API endpoints and monitor for suspicious payloads (e.g., `sleep`, `pg_sleep`, `benchmark`, `/`, `;`).
7. **Patch & Release:** Frappe/ERPNext developers should audit `frappe.client.get_value` and the code path handling `fieldname`/filters, replace unsafe concatenation with safe APIs, and release a security patch. Operators should apply updates promptly.
8. **Security Testing:** Add automated tests to detect SQL injection (including time-based blind) in API endpoints.

---

## 🔗 References

* Discoverer / Reporter: Mohammed Aloli — GitHub: `https://github.com/MoAlali` — X: `https://x.com/alaliksa_` — LinkedIn: `https://www.linkedin.com/in/mohammedaloli/`
* Frappe / ERPNext codebases (review and patch): `https://github.com/frappe/frappe`, `https://github.com/frappe/erpnext`
* General SQLi guidance: OWASP SQL Injection Prevention Cheat Sheet — `https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html`

---

## 🙏 Acknowledgments

Discovered by **Mohammed Aloli**

---

## 📢 Disclaimer

This information is provided for defensive and remediation purposes only. Do **not** attempt to exploit this vulnerability against systems you do not own or do not have explicit authorization to test. Operators should prioritize patching, apply secure coding fixes, and follow the mitigation guidance above.