Page 10 of 55 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. Se detectó un problema en LibreNMS versiones hasta 1.47. Este no parametriza todas las entradas suministradas por el usuario dentro de las consultas de base de datos, resultando en la inyección SQL. • https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. Se detectó un problema en LibreNMS versiones hasta 1.47. Varios scripts importan las bibliotecas de Autenticación, pero no aplican una comprobación de autenticación real. • https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. Se detectó un problema en LibreNMS versiones hasta 1.47. Una divulgación de información puede ocurrir: un atacante puede tomar la huella digital de la versión de código exacta instalada y revelar las rutas de archivos locales. • https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php? • https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. • https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •