SQL Injection Vulnerability in LibreNMS

SQL Injection Vulnerability in LibreNMS

CVE-2019-10671 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.