High severity · NVD Advisory · Published Apr 22, 2024 · Updated Aug 2, 2024
LibreNMS vulnerable to time-based SQL injection that leads to database extraction
CVE-2024-32461
Description
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. An attacker can use this time-based SQL injection to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| librenms/librenms (Packagist) | < 24.4.0 | 24.4.0 |
References
- github.com/advisories/GHSA-cwx6-cx7x-4q34 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-32461 (ghsa, ADVISORY)
- doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6 (ghsa, x_refsource_MISC, WEB)
- github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33 (ghsa, x_refsource_MISC, WEB)
- github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34 (ghsa, x_refsource_CONFIRM, WEB)