CVE-2020-15887

Name of the Vulnerable Software and Affected Versions MunkiReport Software Update module versions prior to 1.6

Description A SQL injection issue in the softwareupdate controller.php file allows attackers to execute arbitrary SQL commands via the last URL parameter of the "/module/softwareupdate/get tab data/" endpoint.

Recommendations For versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/module/softwareupdate/get tab data/" endpoint until a patch is available. Avoid using the last URL parameter in the affected endpoint until the issue is resolved.