CVE-2019-12465: SQL Injection
First published: Mon Sep 09 2019(Updated: )
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Librenms Librenms | <1.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue in LibreNMS?
The vulnerability ID is CVE-2019-12465.
What is the severity level of CVE-2019-12465?
The severity level of CVE-2019-12465 is high.
What is the affected version of LibreNMS?
LibreNMS versions up to exclusive 1.53 are affected.
What is the CWE ID of this vulnerability?
The CWE ID of this vulnerability is CWE-89.
Is there a reference link for more information about this vulnerability?
Yes, you can find more information about this vulnerability at the following link: https://www.darkmatter.ae/xen1thlabs/librenms-sql-injection-vulnerability-xl-19-024/
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- vendor/librenms
- canonical/librenms librenms