5 matches found
CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32480
LibreNMS (PHP/MySQL SNMP-based monitor) prior to 24.4.0 is vulnerable to SQL injection via the order parameter in the devices API (constructed from $request and concatenated into an SQL statement), enabling potential extraction of the entire database. Root cause: improper input handling where the...
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32480
creationtimestamp| type| source ---|---|--- 2024-04-20 15:29:15+00:00| published-proof-of-concept| https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438...