LibreNMS - Collectd Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...
CVE-2019-10669
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command...
CVE-2019-10669
LibreNMS (through 1.47) has a command injection in html/includes/graphs/device/collectd.inc.php. User-supplied parameters are filtered with mysqli_escape_real_string, which does not escape backticks and other shell characters, enabling injection into the $rrd_cmd that is executed via passthru(). ...
OS Command Injection
librenms/librenms is vulnerable to OS command injection. User-supplied parameters that are sanitized with the mysqli_escape_real_string function are not validated against command-line syntax characters such as the backtick character, allowing an attacker to inject arbitrary OS...