An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLibrenms
APPLibrenms≤ 1.47
Powiązane podatności
LibreNMS — zdalne wykonanie kodu przez OS command injection (RCE)
SQL Injection w LibreNMS — endpoint ajax_table.php (wyszukiwanie IPv6)
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, host...
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc...