Vulnerabilities > Softwareupdate Project

DATE CVE VULNERABILITY TITLE RISK
2020-07-23 CVE-2020-15887 SQL Injection vulnerability in Softwareupdate Project Softwareupdate
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.
network
low complexity
softwareupdate-project CWE-89
8.8