PT-2019-10157 · Librenms · Librenms

Murrant · Published 2019-03-28 · Updated 2022-05-14 · CVE-2018-20678

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 1.48
Description: The issue allows SQL injection via the sort[hostname] parameter in the "html/ajax_table.php" endpoint, which can be exploited by authenticated users during a search.
Recommendations: For versions prior to 1.48, update to version 1.48 or later to resolve the issue.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-20678
GHSA-4FWH-R866-PVH9

Affected Products

Librenms