Nixpkgs security tracker

Permalink CVE-2020-36947

7.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 4 months ago by @LeSuisse Activity log

Created suggestion 4 months, 4 weeks ago
@LeSuisse dismissed 4 months ago

LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.

References

ExploitDB-49246 exploit
LibreNMS Official Website product
LibreNMS GitHub Repository product
LibreNMS Community exploitproduct
VulnCheck Advisory: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection third-party-advisory

Affected products

LibreNMS

==1.46

Matching in nixpkgs

pkgs.librenms

Auto-discovering PHP/MySQL/SNMP based network monitoring

nixos-unstable 25.10.0
- nixpkgs-unstable 25.10.0
- nixos-unstable-small 25.10.0

Package maintainers

@NetaliDev Jennifer Graul <me@netali.de>
@johannwagner Johann Wagner <nix@wagner.digital>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@yuyuyureka Yureka <yuka@yuka.dev>

Old issue, current stable branch was never impacted

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.librenms

Package maintainers