LibreNMS Collectd Command Injection

Disclosed
Jul 15, 2019

Description

This module exploits a command injection vulnerability in the
Collectd graphing functionality in LibreNMS.

The `to` and `from` parameters used to define the range for
a graph are sanitized using the `mysqli_real_escape_string()`
function, which escapes for SQL and permits backticks. These parameters are used
as part of a shell command that gets executed via the `passthru()`
function, which can result in code execution.
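
A hardened way to build such a command, shown as an added example that is not LibreNMS code and not part of the module. `parse_graph_time()` and `build_graph_command()` are hypothetical names, and the rrdtool arguments, file path and accepted time formats are assumptions. It allow-lists the two range values and quotes every argument with `escapeshellarg()`, because SQL escaping leaves shell metacharacters such as backticks untouched.

```php
<?php
// Added example, not LibreNMS code. Function names, the rrdtool arguments and
// the accepted time formats are assumptions made for illustration.

/**
 * Accept only an epoch timestamp or a simple relative offset such as "-1d".
 * Anything else (backticks, $(), ;, spaces, ...) is rejected, not "cleaned".
 */
function parse_graph_time(string $raw): string
{
    if (preg_match('/\A(?:\d{1,10}|-\d{1,4}[smhdwy])\z/', $raw) !== 1) {
        throw new InvalidArgumentException('invalid time value');
    }
    return $raw;
}

/**
 * Build the command string that would be handed to passthru().
 * Every element is quoted for the shell, so no value can end its own argument.
 */
function build_graph_command(string $rrdFile, string $from, string $to): string
{
    $args = [
        'rrdtool', 'graph', '-',
        '--start', parse_graph_time($from),
        '--end', parse_graph_time($to),
        'DEF:v=' . $rrdFile . ':value:AVERAGE',
        'LINE1:v#0000ff',
    ];
    return implode(' ', array_map('escapeshellarg', $args));
}

// Constructed inputs: the last pair carries a backtick substitution in `to`.
$samples = [
    ['1563148800', '1563235200'],
    ['-1d', '-1h'],
    ['1563148800', '1563235200`id`'],
];
foreach ($samples as [$from, $to]) {
    try {
        // The command is only printed here, never executed.
        echo build_graph_command('/tmp/example.rrd', $from, $to), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode([$from, $to]), PHP_EOL;
    }
}
```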