Description
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.
INFO
Published Date :
2024-04-22T21:54:01.022Z
Last Modified :
2024-08-02T02:13:39.106Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-32461 vulnerability.
| Vendors | Products |
|---|---|
| Librenms |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32461.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact