MunkiReport reportdata module SQL injection vulnerability

2022-05-2417:24:15

Google

osv.dev

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.2%

JSON

A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.

CPENameOperatorVersion
munkireport/reportdataeq1.2
munkireport/reportdataeq1.5
munkireport/reportdataeq2.1
munkireport/reportdataeq2.3
munkireport/reportdataeq3.0
munkireport/reportdataeq3.2
munkireport/reportdataeq2.0
munkireport/reportdataeq3.4
munkireport/reportdataeq2.5
munkireport/reportdataeq3.1

Name	Operator	Version
munkireport/reportdata	eq	1.2
munkireport/reportdata	eq	1.5
munkireport/reportdata	eq	2.1
munkireport/reportdata	eq	2.3
munkireport/reportdata	eq	3.0
munkireport/reportdata	eq	3.2
munkireport/reportdata	eq	2.0
munkireport/reportdata	eq	3.4
munkireport/reportdata	eq	2.5
munkireport/reportdata	eq	3.1