CVE-2018-20434

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:librenms:librenms:1.46:*:*:*:*:*:*:*

Information

Published : 2019-04-24 14:29

Updated : 2019-06-04 16:29


NVD link : CVE-2018-20434

Mitre link : CVE-2018-20434


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

librenms

  • librenms