Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:54 a.m.9 views

CVE-2019-10669

An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqliescaperealstring function. This function is not the appropriate function to sanitize command...

7.2CVSS7.4AI score0.80662EPSS
Exploits5References1
CVE
CVE
added 2019/09/09 12:46 p.m.97 views

CVE-2019-10669

LibreNMS (through 1.47) has a command injection in html/includes/graphs/device/collectd.inc.php. User-supplied parameters are filtered with mysqli_escape_real_string, which does not escape backticks and other shell characters, enabling injection into the $rrd_cmd that is executed via passthru(). ...

7.2CVSS7.1AI score0.80662EPSS
Exploits5References2Affected Software1
0day.today
0day.today
added 2019/09/09 12:0 a.m.32 views

LibreNMS Collectd Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqliescaperealstring function, which permits backticks. These parameters are used as part...

7.2CVSS0.4AI score0.80662EPSS
Exploits5
Circl
Circl
added 2019/09/06 5:10 p.m.27 views

CVE-2019-10669

creationtimestamp| type| source ---|---|--- 2019-09-06 17:10:24+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/librenmscollectdcmdinject.rb 2019-09-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47375 2025-02-06 03:13:43+00:0...

7.2CVSS6.7AI score0.80662EPSS
Exploits5References2
Packet Storm
Packet Storm
added 2019/09/06 12:0 a.m.226 views

LibreNMS Collectd Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...

0.80662EPSS
Exploits5
Metasploit
Metasploit
added 2019/08/12 8:22 p.m.45 views

LibreNMS Collectd Command Injection

This module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqliescaperealstring function, which permits backticks. These parameters are used as part of a shell...

7.2CVSS0.6AI score0.80662EPSS
Exploits5
Rows per page
Query Builder