SQL Injection Vulnerability in LibreNMS by LibreNMS
CVE-2019-10671

8.8HIGH

Key Information:

Vendor: Librenms
Status: Librenms
Vendor: CVE Published:; 9 September 2019

What is CVE-2019-10671?

An SQL injection vulnerability exists in LibreNMS prior to version 1.47 that allows an authenticated attacker to manipulate database queries. By exploiting this weakness, an attacker can alter the behavior of database actions, enabling them to extract or modify sensitive data, particularly through parameters such as the sort option in graph.php.

References

https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sq...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Mar 31, 2019

Librenms

What is CVE-2019-10671?

References

CVSS V3.1

Timeline