CVE-2019-10671

HIGH8.8EPSS 0.01%

SQL Injection in LibreNMS

發布日:2019/10/11修改日:2024/2/16

描述

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.

受影響套件(1)

Packagist/librenms/librenmsfrom 0, < 1.50.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10671
WEBhttps://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025