CVE-2024-32461
HIGH8.8EPSS 0.15%LibreNMS vulnerable to SQL injection time-based leads to database extraction
Description
### Summary SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. ### Details There is a lack of hygiene of data coming from the user in line 83 of the file librenms/includes/html/pages/search/packages.inc.php  ### PoC https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6 ### Impact With this vulnerability, we can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials
Affected packages (1)
- Packagist/librenms/librenmsfrom 0, < 24.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-32461
- PATCHhttps://github.com/librenms/librenms
- WEBhttps://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6
- WEBhttps://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33
- WEBhttps://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34