CVE-2020-10190

Name of the Vulnerable Software and Affected Versions MunkiReport versions prior to 5.3.0

Description An issue allows an authenticated user to achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the "datatables/data" endpoint.

Recommendations For versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "datatables/data" endpoint to minimize the risk of exploitation. Avoid using potentially vulnerable parameters in the affected endpoint until the issue is resolved.