CVE-2019-12464: Path Traversal
First published: Mon Sep 09 2019(Updated: )
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Librenms Librenms | =1.50.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-12464.
What is the severity level of CVE-2019-12464?
CVE-2019-12464 has a severity level of high (7.5).
What is the description of CVE-2019-12464?
CVE-2019-12464 is a directory traversal vulnerability in LibreNMS 1.50.1 that allows an authenticated user to perform a local file inclusion resulting in code execution.
Which version of LibreNMS is affected by CVE-2019-12464?
LibreNMS version 1.50.1 is affected by CVE-2019-12464.
How can I fix CVE-2019-12464?
To fix CVE-2019-12464, it is recommended to upgrade to a newer version of LibreNMS that has patched the vulnerability.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/description
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/librenms
- canonical/librenms librenms
- version/librenms librenms/1.50.1