{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30711", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T01:03:44.187Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T14:31:00.152Z"}, "descriptions": [{"lang": "en", "value": "Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://breakpoint.purrfect.fr/article/grr_audit.html#v4-sql-injection-in-session-inc-php-1"}, {"url": "https://breakpoint.purrfect.fr/article/grr_audit.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T01:01:44.223167Z", "id": "CVE-2026-30711", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:03:44.187Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T01:01:44.223167Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:03:22.639Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://breakpoint.purrfect.fr/article/grr_audit.html#v4-sql-injection-in-session-inc-php-1"}, {"url": "https://breakpoint.purrfect.fr/article/grr_audit.html"}], "descriptions": [{"lang": "en", "value": "Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T14:31:00.152Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30711", "state": "PUBLISHED", "dateUpdated": "2026-03-24T01:03:44.187Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent."}, {"lang": "es", "value": "Se descubri\u00f3 que Devome GRR v4.5.0 conten\u00eda m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL autenticadas en el archivo include/session.inc.php a trav\u00e9s de los campos referer y user-agent."}], "id": "CVE-2026-30711", "lastModified": "2026-04-27T19:18:46.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T15:16:26.813", "references": [{"source": "cve@mitre.org", "url": "https://breakpoint.purrfect.fr/article/grr_audit.html"}, {"source": "cve@mitre.org", "url": "https://breakpoint.purrfect.fr/article/grr_audit.html#v4-sql-injection-in-session-inc-php-1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.5.0"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "grr", "vendor": "devome"}], "analysis": {"en": {"generated_at": "2026-03-24T03:50:12.451081+00:00", "value": {"mitigation_remediation": ["Apply the latest Devome GRR patch that rectifies the unsanitized header usage", "If a patch is unavailable, configure the web server or reverse proxy to strip or sanitize Referer and User-Agent headers before they reach the application", "Implement strict input validation for all header values processed by the application", "Limit the database user\u2019s privileges to only the operations required by the application", "Regularly audit logs for suspicious SQL activity and perform periodic code reviews and penetration tests targeting header handling"], "summary": {"action": "Immediate patch", "impact": "SQL injection via authenticated headers"}, "threat_synthesis": {"affected_systems": "Devome GRR version 4.5.0 is affected. No additional vendors or product versions are specified.", "description_and_impact": "The vulnerability resides in the include/session.inc.php file of Devome GRR v4.5.0 and allows an authenticated user to inject arbitrary SQL statements through forged Referer and User-Agent headers. The flaw can lead to unauthorized data exposure or modification, compromising the confidentiality and integrity of the audit database.", "risk_and_exploitability": "The CVSS score of 8.8 indicates high severity, while the EPSS score under 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would need valid credentials to submit malicious headers, implying the threat is primarily internal or from compromised accounts. Successful exploitation could allow an attacker to query, tamper with, or delete audit records."}}}}, "created": "2026-03-20T08:57:17.321357+00:00", "title": "Authenticated SQL Injection in Devome GRR Session Handling", "updated": "2026-03-25T11:51:48.277183+00:00", "vendors": ["devome", "devome$PRODUCT$grr"]}