GHSA-g9xh-3w5g-229r

Source

https://github.com/advisories/GHSA-g9xh-3w5g-229r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-g9xh-3w5g-229r/GHSA-g9xh-3w5g-229r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-g9xh-3w5g-229r

Aliases

CVE-2019-10671

Published

2019-10-11T18:43:33Z

Modified

2024-02-16T08:21:44.783863Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

SQL Injection in LibreNMS

Details

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.

Database specific

{
    "nvd_published_at": "2019-09-09T14:15:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-25T12:52:58Z"
}

References

Affected packages

Packagist / librenms/librenms

Package

Name: librenms/librenms
Purl: pkg:composer/librenms/librenms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.50.1

Affected versions

1.*

1.19

1.20

1.20.1

1.21

1.22

1.22.01

1.23

1.24

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.32.01

1.33

1.33.01

1.34

1.35

1.36

1.36.01

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50