CVE-2020-15873
https://notcve.org/view.php?id=CVE-2020-15873
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. En LibreNMS versiones anteriores a 1.65.1, un atacante autenticado puede lograr una inyección SQL por medio del parámetro POST del archivo customoid.inc.php device_id en el archivo ajax_form.php • https://community.librenms.org/c/announcements https://github.com/librenms/librenms/commit/8f3a29cde5bbd8608f9b42923a7d7e2598bcac4e https://github.com/librenms/librenms/compare/1.65...1.65.1 https://github.com/librenms/librenms/pull/11923 https://research.loginsoft.com/bugs/blind-sql-injection-in-librenms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-10670
https://notcve.org/view.php?id=CVE-2019-10670
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php. Se descubrió un problema en LibreNMS versiones hasta 1.47. • https://www.darkmatter.ae/xen1thlabs/librenms-multiple-reflected-cross-site-scripting-vulnerability-xl-19-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12465
https://notcve.org/view.php?id=CVE-2019-12465
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. Se detectó un problema en LibreNMS versión 1.50.1. Se identificó un fallo de inyección SQL en el archivo ajax_rulesuggest.php donde el parámetro term es usado de forma no segura en una consulta de base de datos para mostrar columnas de una tabla, como es demostrado por una petición ajax_rulesuggest.php? • https://www.darkmatter.ae/xen1thlabs/librenms-sql-injection-vulnerability-xl-19-024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-12464
https://notcve.org/view.php?id=CVE-2019-12464
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. Se detectó un problema en LibreNMS versión 1.50.1. Un usuario autenticado puede realizar un ataque de salto de directorio contra el archivo /pdf.php con un nombre de archivo parcial en el parámetro report, para causar la inclusión del archivo local resultando en la ejecución de código. • https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-019 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-12463
https://notcve.org/view.php?id=CVE-2019-12463
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. • https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-022 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-116: Improper Encoding or Escaping of Output •