CVE-2019-12464
https://notcve.org/view.php?id=CVE-2019-12464
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. Se detectó un problema en LibreNMS versión 1.50.1. Un usuario autenticado puede realizar un ataque de salto de directorio contra el archivo /pdf.php con un nombre de archivo parcial en el parámetro report, para causar la inclusión del archivo local resultando en la ejecución de código. • https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-019 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-12463
https://notcve.org/view.php?id=CVE-2019-12463
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. • https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-022 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-116: Improper Encoding or Escaping of Output •
CVE-2019-10671
https://notcve.org/view.php?id=CVE-2019-10671
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. Se detectó un problema en LibreNMS versiones hasta 1.47. Este no parametriza todas las entradas suministradas por el usuario dentro de las consultas de base de datos, resultando en la inyección SQL. • https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-10668
https://notcve.org/view.php?id=CVE-2019-10668
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. Se detectó un problema en LibreNMS versiones hasta 1.47. Varios scripts importan las bibliotecas de Autenticación, pero no aplican una comprobación de autenticación real. • https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016 • CWE-306: Missing Authentication for Critical Function •
CVE-2019-10667
https://notcve.org/view.php?id=CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. Se detectó un problema en LibreNMS versiones hasta 1.47. Una divulgación de información puede ocurrir: un atacante puede tomar la huella digital de la versión de código exacta instalada y revelar las rutas de archivos locales. • https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •