CVE-2026-30711: n/a
Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent.
AI Analysis
Technical Summary
CVE-2026-30711 identifies multiple authenticated SQL injection vulnerabilities in Devome GRR version 4.5.0, located in the include/session.inc.php file. The vulnerabilities stem from inadequate input validation and sanitization of the HTTP referer and user-agent headers, which are used in SQL queries without proper escaping or parameterization. An attacker with valid credentials can manipulate these headers to inject arbitrary SQL commands, potentially allowing unauthorized access to sensitive data, modification of database contents, or disruption of application functionality. The requirement for authentication limits the attack surface to legitimate users or compromised accounts. No CVSS score is assigned yet, and no patches or public exploits have been reported. The vulnerability was reserved and published in March 2026, indicating recent discovery. The lack of patches necessitates immediate mitigation efforts by affected organizations to prevent exploitation.
Potential Impact
The primary impact of this vulnerability is the compromise of database confidentiality and integrity. An attacker exploiting the SQL injection can extract sensitive information, alter or delete data, and potentially escalate privileges within the application. This could lead to data breaches, loss of trust, and operational disruptions. Since the vulnerability requires authentication, the risk is somewhat mitigated but remains significant, especially if user credentials are weak or compromised. Organizations relying on Devome GRR for critical operations or handling sensitive data face increased risk of targeted attacks. The absence of known exploits reduces immediate threat but does not eliminate future exploitation possibilities. Overall, the vulnerability poses a high risk to affected systems and their data security.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately restrict access to Devome GRR v4.5.0 instances to trusted users and networks. Implement strict authentication controls, including multi-factor authentication, to reduce the risk of credential compromise. Monitor application logs for unusual referer and user-agent header values that may indicate attempted exploitation. Employ web application firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting these headers. Until an official patch is released, consider applying virtual patching techniques or input validation proxies to sanitize incoming HTTP headers. Conduct thorough code reviews and testing to identify and remediate unsafe SQL query constructions. Finally, plan for prompt deployment of vendor patches once available and maintain regular backups of critical data to enable recovery from potential attacks.
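A sketch of the log monitoring recommended above, added here as an example and not part of the original advisory or of GRR. It assumes the web server in front of GRR writes Apache/nginx "combined" access logs; the sample lines, host name and paths are constructed, and the indicator patterns are heuristics.

```python
import re
from urllib.parse import unquote_plus

# Assumed "combined" log format: the last two quoted fields are Referer and User-Agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:[^"\\]|\\.)*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Heuristic indicators of SQL syntax that a normal Referer or User-Agent does not carry.
INDICATORS = {
    "quote": re.compile(r"""'|\\"|\\x22"""),  # ' or a logged (escaped) double quote
    "sql-comment": re.compile(r"--(?:\s|$)|/\*"),
    "sql-keyword": re.compile(
        r"\b(?:union\s+select|select\s.+\sfrom\b|sleep\s*\(|benchmark\s*\(|information_schema)",
        re.I),
}

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '203.0.113.10 - - [19/Mar/2026:14:02:11 +0000] "GET /app/page.php HTTP/1.1" 200 5120 '
    '"https://app.example.org/app/page.php?area=1" "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0"',
    '203.0.113.77 - - [19/Mar/2026:14:05:40 +0000] "GET /app/page.php HTTP/1.1" 200 4310 '
    '"https://app.example.org/x%27%20UNION%20SELECT%201--%20" "Mozilla/5.0"',
    '203.0.113.77 - - [19/Mar/2026:14:05:52 +0000] "GET /app/page.php HTTP/1.1" 200 4310 '
    '"-" "Mozilla/5.0\' OR SLEEP(5) -- "',
]

def scan(lines):
    """Return (line_number, client_ip, header, indicator_names) per suspicious header."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            # Odd quoting inside a header can break the format, so report it too.
            findings.append((n, "?", "unparsed", ["malformed-line"]))
            continue
        for header in ("referer", "agent"):
            value = unquote_plus(m.group(header))  # also catch percent-encoded values
            hits = [name for name, rx in INDICATORS.items() if rx.search(value)]
            if hits:
                findings.append((n, m.group("ip"), header, hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Hits are triage leads rather than proof of exploitation; correlate them with the authenticated session that sent the request, since the flaw requires valid credentials.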
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, Netherlands, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-03-04T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69bc0a99e32a4fbe5fcbe40a
Added to database: 3/19/2026, 2:39:21 PM
Last enriched: 3/19/2026, 2:54:41 PM
Last updated: 3/20/2026, 5:18:46 AM