A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.
CPE | Name | Operator | Version |
---|---|---|---|
softwareupdate | eq | 1.2.2 | |
softwareupdate | eq | 1.4 | |
softwareupdate | eq | 1.2.1 | |
softwareupdate | eq | 1.5 | |
softwareupdate | eq | 1.2 | |
softwareupdate | eq | 1.3 | |
softwareupdate | eq | 1.1 |