CVE-2020-15886

SQL Injection in packagist/munkireport/reportdata

Identifiers

CVE-2020-15886

Package Slug

packagist/munkireport/reportdata

Vulnerability

SQL Injection

Description

An SQL injection vulnerability in reportdata_controller.php in the reportdata module for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.

Affected Versions

All versions before 3.5

Solution

Upgrade to version 3.5 or above.

Last Modified

2020-07-29

source