CVE-2019-10665

Name of the Vulnerable Software and Affected Versions LibreNMS versions 1.47 and earlier

Description The issue arises from insufficient validation or encoding of user-supplied input in the scripts handling graphing options, specifically in html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php. Some parameters are filtered with mysqli real escape string, which only prevents SQL injection attacks, while others remain unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is versatile, enabling attacks such as disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.

Recommendations For LibreNMS versions 1.47 and earlier, consider disabling the graphing functionality temporarily until a patch is available. Restrict access to the html/graph.php script and the html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php files to minimize the risk of exploitation. Avoid using unfiltered parameters in the affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.