More Reporting
CVE-2026-22821
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.
AnalysisAI
The More Reporting GLPI plugin versions prior to 1.9.4 contain a SQL injection vulnerability in date change functionality that allows authenticated users with high privileges to execute arbitrary SQL queries and extract sensitive data. An attacker with administrative credentials could exploit this network-accessible vulnerability to read confidential information from the database. A patch is available in version 1.9.4 and later.
Technical ContextAI
Classified as CWE-89 (SQL Injection). Affects More Reporting. mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.
RemediationAI
A vendor patch is available — apply it immediately. Fixed in version 1.9.4.. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today