← back
CVE-2019-10669

CVE-2019-10669

EPSS 80.7%
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47375unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.htmlhttps://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/