CVE-2019-10669
N/A
N/A
Summary
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html
- https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/
References
- http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html
- https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.