// For flags

CVE-2024-32480

LibreNMS's Time-Based Blind SQL injection leads to database extraction

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.

LibreNMS es un sistema de monitoreo de red de código abierto basado en PHP/MySQL/SNMP. Las versiones anteriores a la 24.4.0 son vulnerables a la inyección SQL. El parámetro `order` se obtiene de `$request`. Después de realizar una verificación de cadena, el valor se incorpora directamente a una declaración SQL y se concatena, lo que genera una vulnerabilidad de inyección SQL. Un atacante puede extraer una base de datos completa de esta manera. La versión 24.4.0 soluciona el problema.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-04-12 CVE Reserved
  • 2024-04-22 CVE Published
  • 2024-04-23 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Librenms
Search vendor "Librenms"
Librenms
Search vendor "Librenms" for product "Librenms"
< 24.4.0
Search vendor "Librenms" for product "Librenms" and version " < 24.4.0"
en
Affected