CVE-2019-10671

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 1.48

Description The issue allows SQL injection due to insufficient parameterization of user-supplied input within database queries. An authenticated attacker can manipulate these database queries to extract or modify data. For example, the sort parameter in graph.php is vulnerable.

Recommendations For versions prior to 1.48, update to version 1.48 or later to resolve the issue. As a temporary workaround, consider restricting access to the graph.php page to minimize the risk of exploitation. Avoid using user-supplied input in database queries until the issue is resolved.