PT-2026-4926 · Librenms · Librenms

Hodorsec · Published 2026-01-27 · Updated 2026-02-02 · CVE-2020-36947

CVSS v3.1: 7.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LibreNMS version 1.46

Description
LibreNMS version 1.46 contains an authenticated SQL injection issue in the MAC accounting graph endpoint. A remote attacker can extract database information through time-based blind SQL injection by supplying crafted input in the sort parameter of that endpoint.

Recommendations
Apply a fix or patch for LibreNMS version 1.46 to address the SQL injection issue in the MAC accounting graph endpoint. As a temporary workaround, restrict access to the MAC accounting graph endpoint or sanitize the sort parameter to prevent SQL injection attacks.
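One way to sanitize a sort parameter, shown as an added example that is not LibreNMS code or the vendor's fix: the request value is used only as a lookup key into a fixed list of columns and is never concatenated into the query. It assumes the sort value ends up in an ORDER BY clause; the table name, column names, sort keys and the functions resolveSortColumn() and topMacs() are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example: table, column and key names are hypothetical,
// not taken from the LibreNMS code base.

// Accepted sort keys mapped to fixed column identifiers.
const SORT_COLUMNS = [
    'in'    => 'bytes_in',
    'out'   => 'bytes_out',
    'total' => 'bytes_total',
];

function resolveSortColumn(string $sort): string
{
    // Identifiers cannot be bound as query parameters, so the request
    // value only selects an entry; unknown keys fall back to a default.
    return SORT_COLUMNS[$sort] ?? SORT_COLUMNS['total'];
}

function topMacs(PDO $db, int $portId, string $sort): array
{
    $column = resolveSortColumn($sort);
    // $column is one of three constants above; the port id is bound.
    $stmt = $db->prepare(
        "SELECT mac, bytes_in, bytes_out, bytes_total
           FROM mac_accounting_demo
          WHERE port_id = :port
          ORDER BY $column DESC"
    );
    $stmt->execute([':port' => $portId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mac_accounting_demo
           (port_id INT, mac TEXT, bytes_in INT, bytes_out INT, bytes_total INT)');
$db->exec("INSERT INTO mac_accounting_demo VALUES
           (1, 'aa:aa', 10, 90, 100), (1, 'bb:bb', 80, 5, 85)");

// A known key selects its column; any other text is ignored rather than
// passed through, even when it looks like a valid SQL fragment.
foreach (['in', 'total DESC, mac'] as $sort) {
    $rows = topMacs($db, 1, $sort);
    printf("%-16s -> first row: %s\n", $sort, $rows[0]['mac']);
}
```

Escaping or quoting the value does not give the same guarantee, because a column position in ORDER BY is not a string literal; mapping to known identifiers removes the request text from the statement entirely.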

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-36947
GHSA-QP2J-V5JG-HG68

Affected Products

Librenms