CVE-2026-30711

Name of the Vulnerable Software and Affected Versions Devome GRR version 4.5.0

Description The software contains multiple authenticated SQL injection issues within the include/session.inc.php file. These issues are triggered through the referer and user-agent HTTP request headers. The injection occurs when processing these headers, potentially allowing an attacker to manipulate database queries.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing the referer and user-agent HTTP request headers before processing them in the include/session.inc.php file.