PT-2019-12808 · Librenms · Librenms

Published 2019-09-09 · Updated 2020-08-24 · CVE-2019-12463

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibreNMS version 1.50.1

Description

The issue arises from insufficient validation or encoding of user-supplied input in the scripts that handle graphing options. Specifically, the includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php scripts do not adequately filter parameters: some are filtered with mysqli_real_escape_string, which only prevents SQL injection attacks, while others are not filtered at all. This allows an attacker to inject RRDtool syntax, including newline characters, via the "html/graph.php" and "html/graph-realtime.php" scripts. RRDtool syntax is versatile, enabling an attacker to perform various attacks, such as disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. This issue requires authentication.

Recommendations

For LibreNMS version 1.50.1, as a temporary workaround, consider disabling the graphing functionality until a patch is available. Restrict access to the includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php scripts to minimize the risk of exploitation. Avoid using unfiltered parameters in the "html/graph.php" and "html/graph-realtime.php" scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
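
Added detection example (not part of the advisory and not LibreNMS code): the Python below flags access-log requests to the graph.php and graph-realtime.php scripts whose query parameters decode to control characters such as newlines, the injection vector described above. The log lines, the `opt` parameter name and the `/graph.php` URL paths are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the scripts are served at these URL paths (html/ as web root).
GRAPH_SCRIPTS = ("/graph.php", "/graph-realtime.php")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")  # includes CR and LF

# Constructed access-log lines; "opt" is a hypothetical parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Sep/2019:10:00:01 +0000] "GET /graph.php?id=12&from=1567987200 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Sep/2019:10:00:02 +0000] "GET /graph.php?id=12&opt=a%0AINJECTED HTTP/1.1" 200 312',
    '203.0.113.7 - - [09/Sep/2019:10:00:03 +0000] "GET /graph-realtime.php?opt=a%250dINJECTED HTTP/1.1" 200 98',
    '203.0.113.7 - - [09/Sep/2019:10:00:04 +0000] "GET /index.php?note=a%0Ab HTTP/1.1" 200 4096',
]


def suspicious_params(request_target):
    """Names of graph-script query parameters that decode to control chars."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(GRAPH_SCRIPTS):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding.
        if CONTROL_RE.search(unquote(name)) or CONTROL_RE.search(unquote(value)):
            hits.append(name)
    return hits


def scan(lines):
    """Return (line number, parameter names) for each suspicious request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                findings.append((lineno, names))
    return findings


if __name__ == "__main__":
    for lineno, names in scan(SAMPLE_LOG):
        print(f"line {lineno}: control characters in parameter(s) {names}")
```

Parameters sent in a POST body do not appear in a standard access log, so this covers only values passed in the URL.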

Exploit

Weakness Enumeration

Improper Encoding or Escaping of Output
Special Elements Injection

Related Identifiers

CVE-2019-12463
GHSA-W5R2-GVGF-MPM8

Affected Products

Librenms