An SQL Injection vulnerability in web component of EPMM prior to 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.