CVE-2019-10671

Опубликовано: 09 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.

Ссылки

https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025/
Exploit
Third Party Advisory
https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

Версия до 1.47 (включая)

EPSS

Процентиль: 1%

0.00008

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-g9xh-3w5g-229r