CVE-2024-32480

LibreNMS's Time-Based Blind SQL injection leads to database extraction

CVSS 7.2 HIGH · EPSS 20.3% · CWE-89
In short

LibreNMS has a flaw where the 'order' parameter in user requests is directly used in database queries without proper protection, allowing attackers to extract sensitive data from the database.

Technical detail

The 'order' parameter is concatenated directly into SQL statements after insufficient validation, enabling time-based blind SQL injection. An unauthenticated or low-privileged attacker can exploit this to extract database contents through time-delay inference techniques.

Summary generated and translated by AI from the official description.
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
librenms · librenms
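
As an added example (not LibreNMS code and not the project's actual patch), the PHP below contrasts the concatenation pattern described above with an allowlist that maps the `order` value to fixed column literals. The table, column and function names are hypothetical, and the "string check" shown is an assumed stand-in for the one the description mentions.

```php
<?php
// Added illustration; not LibreNMS code. Table, column and function names are hypothetical.

// Request-facing sort keys mapped to fixed SQL identifiers. Placeholders in
// prepared statements bind values, not identifiers, so ORDER BY needs a map.
const SORTABLE = [
    'hostname' => '`devices`.`hostname`',
    'uptime'   => '`devices`.`uptime`',
    'status'   => '`devices`.`status`',
];

// Vulnerable shape described above: a string check, then concatenation.
function orderClauseUnsafe(string $order): string
{
    if ($order === '') {           // assumed check; it does not constrain the content
        $order = 'hostname';
    }
    return ' ORDER BY ' . $order;  // request text becomes SQL syntax
}

// Hardened shape: parse "<key> [asc|desc]" and emit only allowlisted literals.
function orderClauseSafe(string $order, string $default = 'hostname'): string
{
    $parts = preg_split('/\s+/', trim($order), -1, PREG_SPLIT_NO_EMPTY);
    $key = strtolower($parts[0] ?? $default);
    $dir = strtolower($parts[1] ?? 'asc');

    // An unknown key, an extra token, or an unknown direction falls back to
    // the default instead of being passed through to the query.
    if (count($parts) > 2 || !isset(SORTABLE[$key]) || !in_array($dir, ['asc', 'desc'], true)) {
        $key = $default;
        $dir = 'asc';
    }
    return ' ORDER BY ' . SORTABLE[$key] . ' ' . strtoupper($dir);
}

// Constructed sample inputs: two ordinary values and one carrying extra SQL.
foreach (['uptime desc', 'hostname', 'hostname, (SELECT 1)'] as $input) {
    printf("%-22s unsafe:%-32s safe:%s\n", $input, orderClauseUnsafe($input), orderClauseSafe($input));
}
```

With the allowlist, the third input yields the default `ORDER BY` clause, while the concatenating version places the request text into the statement unchanged.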
