CVE-2020-15887

SQL Injection in packagist/munkireport/softwareupdate

Identifiers

CVE-2020-15887

Package Slug

packagist/munkireport/softwareupdate

Vulnerability

SQL Injection

Description

An SQL injection vulnerability in softwareupdate_controller.php in the Software Update module for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.

Affected Versions

All versions before 1.6

Solution

Upgrade to version 1.6 or above.

Last Modified

2020-07-28

source