CVE-2019-10671: SQL Injection
First published: Mon Sep 09 2019(Updated: )
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Librenms Librenms | <=1.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10671?
CVE-2019-10671 is a SQL injection vulnerability in LibreNMS through version 1.47.
How does CVE-2019-10671 affect LibreNMS?
CVE-2019-10671 allows an authenticated attacker to perform SQL injection attacks on LibreNMS, potentially extracting or manipulating data.
What is the severity of CVE-2019-10671?
The severity of CVE-2019-10671 is rated as high with a CVSS score of 8.8.
How can I fix CVE-2019-10671?
To fix CVE-2019-10671, you should upgrade LibreNMS to version 1.48 or later, which includes a patch for the vulnerability.
Where can I find more information about CVE-2019-10671?
You can find more information about CVE-2019-10671 at the following link: [https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025/](https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025/)
- collector/nvd-index
- vendor/librenms
- canonical/librenms librenms
- version/librenms librenms/1.47