diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 111001b19..7ef3b1a19 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -1,5 +1,6 @@
 7.9.12
 - webgui.org homepage gives 404 (#11778)
+ - fixed #11779: SQLReport can run arbitrary queries
 7.9.11
 - fixed #11755: New cart does not update shipping methods correctly
diff --git a/lib/WebGUI/DatabaseLink.pm b/lib/WebGUI/DatabaseLink.pm
index 8dffa550f..6ca6dfed3 100644
--- a/lib/WebGUI/DatabaseLink.pm
+++ b/lib/WebGUI/DatabaseLink.pm
@@ -383,6 +383,9 @@ sub queryIsAllowed {
 my $self = shift;
 my $query = shift;
+ # Remove all comments before checking validity
+ $query =~ s{/[*].*?[*]/}{}g;
+
 my ($firstWord) = $query =~ /(\w+)/;
 $firstWord = lc $firstWord;
 return isIn($firstWord, split(/\s+/, lc $self->{_databaseLink}{allowedKeywords})) ? 1 : 0;
diff --git a/t/DatabaseLink.t b/t/DatabaseLink.t
index 0a9a6b827..c1986b66d 100644
--- a/t/DatabaseLink.t
+++ b/t/DatabaseLink.t
@@ -156,6 +156,11 @@ my $queries = [
 expect => 1,
 comment => '... parenthesized',
 },
+ {
+ query => '/* SELECT */ DELETE FROM users',
+ expect => 0,
+ comment => 'Initial comment with valid keyword',
+ },
 ];
 plan tests => 14
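Review bot: The comment-stripping substitution added to queryIsAllowed runs without the /s modifier, so `.*?` stops at a line break and a block comment that spans lines is left in place, which means the following `(\w+)` still picks its first word from inside the comment; change the line to `$query =~ s{/[*].*?[*]/}{}gs;`. The pass should also remove end-of-line comments before the first-word check, since the block-comment pattern does not cover them — something like `$query =~ s{(?:--\s|#).*$}{}mg;` for the `-- ` and `#` forms, with the exact set depending on which database engines DatabaseLink is used against, so confirm before merging. If stripping leaves an empty string, `$firstWord` is undef and `lc $firstWord` emits an uninitialized warning; a `return 0 unless defined $firstWord;` guard before the `lc` makes the rejection explicit. The closing brace of queryIsAllowed is outside the hunk.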
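Review bot: The new test case only covers a block comment on a single line; a companion entry whose comment contains a newline, e.g. `query => "/* SELECT\n*/ DELETE FROM users", expect => 0, comment => 'Multi-line comment with valid keyword'`, would exercise the path that the `s{/[*].*?[*]/}{}g` substitution (no /s) currently does not handle. `plan tests => 14` appears as unchanged context while `@{ $queries }` gained an entry; if that count is a literal rather than continued with `+ scalar @{ $queries }` on the line after the hunk, the plan needs to be updated. The `$queries` declaration starts at the hunk header and the arrayref closes inside the hunk.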