module
LibreNMS Authenticated RCE (CVE-2024-51092)
| Disclosed |
|---|
| Nov 15, 2024 |
Disclosed
Nov 15, 2024
Description
An authenticated attacker can create dangerous directory names on the system and
alter sensitive configuration parameters through the web portal.
Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls,
thus achieving arbitrary code execution.
alter sensitive configuration parameters through the web portal.
Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls,
thus achieving arbitrary code execution.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.