What is CVE-2019-12463?

CVE-2019-12463 is a vulnerability in LibreNMS 1.50.1 that allows for unvalidated user input to be processed, potentially resulting in injection attacks.

How severe is CVE-2019-12463?

CVE-2019-12463 has a severity rating of 8.8 out of 10, indicating a high-risk vulnerability.

How can I exploit CVE-2019-12463?

I'm sorry, but it is not ethical to provide instructions on how to exploit a vulnerability.

How can I fix CVE-2019-12463?

To fix CVE-2019-12463, it is recommended to update LibreNMS to a version beyond 1.53, as the vulnerability has been patched in later releases.

Where can I find more information about CVE-2019-12463?

More information about CVE-2019-12463 can be found at the following link: https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-022/

Vulnerability/
CVE-2019-12463

high

8.8

CWE

116 74 89

9/9/2019

24/8/2020

CVE-2019-12463: SQL Injection

First published: Mon Sep 09 2019(Updated: )

An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Librenms Librenms	>=1.50.1<1.53

Never miss a vulnerability like this again

Reference Links

https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-022/

Frequently Asked Questions

What is CVE-2019-12463?
CVE-2019-12463 is a vulnerability in LibreNMS 1.50.1 that allows for unvalidated user input to be processed, potentially resulting in injection attacks.
How severe is CVE-2019-12463?
CVE-2019-12463 has a severity rating of 8.8 out of 10, indicating a high-risk vulnerability.
How can I exploit CVE-2019-12463?
I'm sorry, but it is not ethical to provide instructions on how to exploit a vulnerability.
How can I fix CVE-2019-12463?
To fix CVE-2019-12463, it is recommended to update LibreNMS to a version beyond 1.53, as the vulnerability has been patched in later releases.
Where can I find more information about CVE-2019-12463?
More information about CVE-2019-12463 can be found at the following link: https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-022/

collector/nvd-index
agent/severity
agent/weakness
agent/type
agent/tags
agent/event
agent/references
agent/author
agent/description
vendor/librenms
canonical/librenms librenms
version/librenms librenms/1.50.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.