CVE-2020-36947

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36947

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36947.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36947

Aliases

GHSA-qp2j-v5jg-hg68

Published

2026-01-27T16:16:12.040Z

Modified

2026-03-14T14:40:51.607332Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type

GIT

Repo

https://github.com/librenms/librenms

Events

Introduced

Last affected

bd5e692dc778ff7e7e05e5765baa2ad584154589

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.46"
        }
    ]
}

Affected versions

0.*

0.1

1.*

1.19

1.20

1.21

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.33

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36947.json"