CVE-2020-36947

Опубликовано: 27 янв. 2026

Источник: nvd

CVSS3: 7.1

CVSS3: 6.5

EPSS Низкий

Описание

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

Ссылки

https://community.librenms.org/
Product
https://github.com/librenms/librenms
Product
https://www.exploit-db.com/exploits/49246
Exploit
Third Party Advisory
VDB Entry
https://www.librenms.org
Product
https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection
Third Party Advisory
https://community.librenms.org/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librenms:librenms:1.46:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00012

Низкий

7.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-qp2j-v5jg-hg68

CVSS3: 7.1

github

11 дней назад

LibreNMS contains an authenticated SQL Injection vulnerability

EPSS

Процентиль: 1%

0.00012

Низкий

7.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-89