module
LibreNMS Authenticated RCE (CVE-2024-51092)
| Disclosed |
|---|
| Nov 15, 2024 |
Disclosed
Nov 15, 2024
Description
An authenticated attacker can create dangerous directory names on the system and
alter sensitive configuration parameters through the web portal.
Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls,
thus achieving arbitrary code execution.
alter sensitive configuration parameters through the web portal.
Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls,
thus achieving arbitrary code execution.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.