CVE-2024-32480

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32480

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32480.json

Aliases

GHSA-jh57-j3vq-h438

Published

2024-04-22T23:15:50Z

Modified

2024-05-14T13:11:44.174925Z

Summary

[none]

Details

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type: GIT
Repo: https://github.com/librenms/librenms
Events: Introduced

0The exact introduced commit is unknown

Fixed

83fe4b10c440d69a47fe2f8616e290ba2bd3a27c

Affected versions

0.*

0.1

1.*

1.19

1.20

1.21

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.33

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.63

1.64

1.64.1

1.65

1.66

1.67

1.68

1.69

1.70.0

1.70.1

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

21.*

21.1.0

21.10.0

21.11.0

21.12.0

21.12.1

21.2.0

21.3.0

21.4.0

21.5.0

21.5.1

21.6.0

21.7.0

21.8.0

21.9.0

22.*

22.1.0

22.10.0

22.11.0

22.12.0

22.2.0

22.2.1

22.3.0

22.4.0

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

23.*

23.1.0

23.10.0

23.11.0

23.2.0

23.4.0

23.4.1

23.5.0

23.6.0

23.7.0

23.8.0

23.8.1

23.8.2

23.9.0

23.9.1

24.*

24.1.0

24.2.0

24.3.0