CVE-2018-20434 – LibreNMS - addhost Command Injection
https://notcve.org/view.php?id=CVE-2018-20434
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. LibreNMS 1.46 permite a los atacantes remotos ejecutar comandos OS arbitrarios mediante el uso del parámetro $_POST['community'] en html/pages/addhost.inc.php durante la creación de un nuevo dispositivo y posteriormente haciendo una petición /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost que desencadene una mala gestión del comando html/includes/output/capture.inc.php • https://www.exploit-db.com/exploits/46970 https://www.exploit-db.com/exploits/47044 https://github.com/mhaskar/CVE-2018-20434 http://packetstormsecurity.com/files/153188/LibreNMS-addhost-Command-Injection.html http://packetstormsecurity.com/files/153448/LibreNMS-1.46-addhost-Remote-Code-Execution.html https://drive.google.com/file/d/1LcGmOY8x-TG-wnNr-cM_f854kxk0etva/view?usp=sharing https://gist.github.com/mhaskar/516df57aafd8c6e3a1d70765075d372d https://shells.systems/librenms-v1-46-remote-code-execution • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-20678
https://notcve.org/view.php?id=CVE-2018-20678
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. LibreNMS, hasta la versión 1.47, permite la inyección SQL mediante el parámetro sort[hostname] en html/ajax_table.php., explotable por usuarios autenticados durante una búsqueda. • https://cert.enea.pl/advisories/cert-190101.html https://github.com/librenms/librenms/commits/master/html/ajax_table.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-18478
https://notcve.org/view.php?id=CVE-2018-18478
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. Vulnerabilidades Cross-Site Scripting (XSS) persistente en LibreNMS en versiones anteriores a la 1.44 permiten que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro dashboard_name en el recurso /ajax_form.php, relacionado con html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php y html/includes/forms/edit-dashboard.inc.php. • https://github.com/librenms/librenms/issues/9170 https://github.com/librenms/librenms/pull/9171 https://github.com/librenms/librenms/releases/tag/1.44 https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16759
https://notcve.org/view.php?id=CVE-2017-16759
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. El proceso de instalación en LibreNMS, en versiones anteriores a 2017-08-18, permite que atacantes remotos lean archivos arbitrarios. Esto está relacionado con html/install.php. • https://blog.librenms.org/2017/08/22/librenms-security-fix-during-the-installation-process https://github.com/librenms/librenms/commit/7887b2e1c7158204ac69ca43beafce66e4d3a3b4 https://github.com/librenms/librenms/commit/d3094fa6578b29dc34fb5a7d0bd6deab49ecc911 https://github.com/librenms/librenms/pull/7184 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •