CVE-2026-22821 PUBLISHED

mreporting affected by a SQLI on date change

Assigner: GitHub_M
Reserved: 09.01.2026 Published: 12.02.2026 Updated: 12.02.2026

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.9

Product Status

Vendor pluginsGLPI
Product mreporting
Versions
  • Version < 1.9.4 is affected

References

Problem Types

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE