Описание
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.
Ссылки
- Exploit
- Patch
- ExploitVendor Advisory
- Exploit
- Patch
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 24.4.0 (исключая)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00108
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
почти 2 года назад
LibreNMS vulnerable to SQL injection time-based leads to database extraction
EPSS
Процентиль: 29%
0.00108
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-89
CWE-89