Lucene search
Veracode Vulnerability DatabaseVERACODE:21473HistorySep 10, 2019 - 8:06 a.m.
OS Command Injection
2019-09-1008:06:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.003 Low
EPSS
Percentile
69.7%
LibreNMS is vulnerable to OS command injection. It does not properly validate the user input via the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php, allowing an attacker to inject any RRDtool commands such as cd and ls via html/graph.php script.
| CPE | Name | Operator | Version |
|---|---|---|---|
| librenms/librenms | le | 1.52 |
References
github.com/librenms/librenms/commit/9faae11381f148221e12cafef31ea79351a96d7f#diff-427ecd98ea6eda31dd4d30e76730a75e
www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020/
www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023/
Related
nvd
nvd
CVE-2019-10665
2019-09-09 13:15:11
CVE-2019-12463
2019-09-09 14:15:11
prion
prion
Sql injection
2019-09-09 13:15:00
Sql injection
2019-09-09 14:15:00
cve
cve
CVE-2019-10665
2019-09-09 13:15:11
CVE-2019-12463
2019-09-09 14:15:11
osv
osv
CVE-2019-10665
2019-09-09 13:15:11
CVE-2019-12463
2019-09-09 14:15:11
LibreNMS Information Disclosure
2022-05-24 16:55:40
cvelist
cvelist
CVE-2019-10665
2019-09-09 12:56:43
CVE-2019-12463
2019-09-09 13:02:52
github
github
LibreNMS Information Disclosure
2022-05-24 16:55:40
Improper Encoding or Escaping of Output and Injection in LibreNMS
2019-10-11 18:43:13