GHSA-62q7-qj6g-gvr7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-62q7-qj6g-gvr7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-62q7-qj6g-gvr7/GHSA-62q7-qj6g-gvr7.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-62q7-qj6g-gvr7
- Aliases
- Published
- 2022-05-24T16:44:30Z
- Modified
- 2024-04-24T22:28:42.763389Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- LibreNMS arbitrary OS commands execution
- Details
-
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the
$_POST['community']parameter tohtml/pages/addhost.inc.phpduring creation of a new device, and then making a/ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.phpcommand mishandling. - Database specific
{ "nvd_published_at": "2019-04-24T21:29:00Z", "github_reviewed": true, "github_reviewed_at": "2024-04-24T22:10:15Z", "cwe_ids": [ "CWE-78" ], "severity": "CRITICAL" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-20434
- https://drive.google.com/file/d/1LcGmOY8x-TG-wnNr-cM_f854kxk0etva/view?usp=sharing
- https://gist.github.com/mhaskar/516df57aafd8c6e3a1d70765075d372d
- https://github.com/librenms/librenms
- https://shells.systems/librenms-v1-46-remote-code-execution-cve-2018-20434
Affected packages
Packagist / librenms/librenms
Package
- Name
- librenms/librenms
- Purl
- pkg:composer/librenms/librenms