CVE-2019-10669 – LibreNMS - Collectd Command Injection
https://notcve.org/view.php?id=CVE-2019-10669
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). Se detectó un problema en LibreNMS versiones hasta 1.47. Se presenta una vulnerabilidad de inyección de comandos en el archivo html/includes/graphs/device/collectd.inc.php donde los parámetros suministrados por el usuario son filtrados con la función mysqli_escape_real_string. • https://www.exploit-db.com/exploits/47375 http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-15230
https://notcve.org/view.php?id=CVE-2019-15230
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. LibreNMS versión v1.54, presenta una vulnerabilidad de tipo XSS en las secciones Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, y Alert Template de la consola de administración. Esto podría conllevar al robo de cookies y otras acciones maliciosas. • https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20434 – LibreNMS - addhost Command Injection
https://notcve.org/view.php?id=CVE-2018-20434
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. LibreNMS 1.46 permite a los atacantes remotos ejecutar comandos OS arbitrarios mediante el uso del parámetro $_POST['community'] en html/pages/addhost.inc.php durante la creación de un nuevo dispositivo y posteriormente haciendo una petición /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost que desencadene una mala gestión del comando html/includes/output/capture.inc.php • https://www.exploit-db.com/exploits/46970 https://www.exploit-db.com/exploits/47044 https://github.com/mhaskar/CVE-2018-20434 http://packetstormsecurity.com/files/153188/LibreNMS-addhost-Command-Injection.html http://packetstormsecurity.com/files/153448/LibreNMS-1.46-addhost-Remote-Code-Execution.html https://drive.google.com/file/d/1LcGmOY8x-TG-wnNr-cM_f854kxk0etva/view?usp=sharing https://gist.github.com/mhaskar/516df57aafd8c6e3a1d70765075d372d https://shells.systems/librenms-v1-46-remote-code-execution • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-20678
https://notcve.org/view.php?id=CVE-2018-20678
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. LibreNMS, hasta la versión 1.47, permite la inyección SQL mediante el parámetro sort[hostname] en html/ajax_table.php., explotable por usuarios autenticados durante una búsqueda. • https://cert.enea.pl/advisories/cert-190101.html https://github.com/librenms/librenms/commits/master/html/ajax_table.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-18478
https://notcve.org/view.php?id=CVE-2018-18478
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. Vulnerabilidades Cross-Site Scripting (XSS) persistente en LibreNMS en versiones anteriores a la 1.44 permiten que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro dashboard_name en el recurso /ajax_form.php, relacionado con html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php y html/includes/forms/edit-dashboard.inc.php. • https://github.com/librenms/librenms/issues/9170 https://github.com/librenms/librenms/pull/9171 https://github.com/librenms/librenms/releases/tag/1.44 https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •