CVE-2019-10671
SQL Injection in LibreNMS
CVSS 3.1: 8.8 (HIGH)
EPSS: 0.01%
Description
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user-supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.
How to fix CVE-2019-10671
To remediate CVE-2019-10671, upgrade the affected package to the fixed version listed below.
- Upgrade to 1.50.1 or later
Is CVE-2019-10671 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.50.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |