LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
References
Link | Resource |
---|---|
https://github.com/librenms/librenms/commits/master/html/ajax_table.php | Third Party Advisory |
https://cert.enea.pl/advisories/cert-190101.html | Third Party Advisory |
Configurations
Information
Published : 2019-03-28 09:29
Updated : 2019-03-28 11:28
NVD link : CVE-2018-20678
Mitre link : CVE-2018-20678
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
librenms
- librenms