An SQL Injection vulnerability in a web component of EPMM versions prior to 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.