GHSA-rf3j-fpf7-94x7CriticalCVSS 9.8

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product...

Published
June 15, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

🔗 References (3)