CVE-2026-30711

Description

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent.

References

• https://breakpoint.purrfect.fr/article/grr_audit.html
• https://breakpoint.purrfect.fr/article/grr_audit.html#v4-sql-injection-in-session-inc-php-1