Description

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.

INFO

Published Date :

2024-04-22T21:54:01.022Z

Last Modified :

2024-08-02T02:13:39.106Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-32461 vulnerability.

Vendors Products
Librenms
  • Librenms

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact