IBM Navigator for i is a console interface used in IBMi by International Business Machines (IBM) to perform and manage critical tasks in IBMi. IBM Navigator for i is vulnerable to SQL injection in versions 7.3, 7.4, and 7.5. The vulnerability stems from the application’s lack of validation of externally entered SQL statements. An authenticated attacker could use the vulnerability to view file permissions through the interface by performing UNION-based SQL injection.