4 matches found
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
LibreNMS Authenticated Remote Code Execution Exploit
An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. This module...
LibreNMS Authenticated RCE (CVE-2024-51092)
An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. Module Options...
CVE-2024-51092
creationtimestamp| type| source ---|---|--- 2024-11-14 23:58:54+00:00| published-proof-of-concept| https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw 2024-11-19 06:27:37+00:00| seen| https://t.me/CyberBulletin/1521 2024-11-19 06:27:37+00:00| seen|...