2019-09-09 16:15:11 2019-09-10 16:06:41

An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE
Librenms Librenms 0.1 (not an official CPE) Librenms Librenms 1.19 (not an official CPE) Librenms Librenms 1.20 (not an official CPE) Librenms Librenms 1.20.1 (not an official CPE) Librenms Librenms 1.21 (not an official CPE) Librenms Librenms 1.22 (not an official CPE) Librenms Librenms 1.22.01 (not an official CPE) Librenms Librenms 1.23 (not an official CPE) Librenms Librenms 1.24 (not an official CPE) Librenms Librenms 1.25 (not an official CPE) Librenms Librenms 1.26 (not an official CPE) Librenms Librenms 1.27 (not an official CPE) Librenms Librenms 1.28 (not an official CPE) Librenms Librenms 1.29 (not an official CPE) Librenms Librenms 1.30 (not an official CPE) Librenms Librenms 1.30.01 (not an official CPE) Librenms Librenms 1.31 (not an official CPE) Librenms Librenms 1.31.01 (not an official CPE) Librenms Librenms 1.31.02 (not an official CPE) Librenms Librenms 1.31.03 (not an official CPE) Librenms Librenms 1.32 (not an official CPE) Librenms Librenms 1.32.01 (not an official CPE) Librenms Librenms 1.33 (not an official CPE) Librenms Librenms 1.33.01 (not an official CPE) Librenms Librenms 1.34 (not an official CPE) Librenms Librenms 1.35 (not an official CPE) Librenms Librenms 1.36 (not an official CPE) Librenms Librenms 1.36.01 (not an official CPE) Librenms Librenms 1.37 (not an official CPE) Librenms Librenms 1.38 (not an official CPE) Librenms Librenms 1.39 (not an official CPE) Librenms Librenms 1.40 (not an official CPE) Librenms Librenms 1.41 (not an official CPE) Librenms Librenms 1.42 (not an official CPE) Librenms Librenms 1.42.01 (not an official CPE) Librenms Librenms 1.43 (not an official CPE) Librenms Librenms 1.44 (not an official CPE) Librenms Librenms 1.45 (not an official CPE) Librenms Librenms 1.46 (not an official CPE) Librenms Librenms 1.47 (not an official CPE) Librenms Librenms 1.48 (not an official CPE) Librenms Librenms 1.48.1 (not an official CPE) Librenms Librenms 1.49 (not an official CPE) Librenms Librenms 1.50 (not an official CPE) Librenms Librenms 1.50.1 (not an official CPE) Librenms Librenms 1.51 (not an official CPE) Librenms Librenms 1.52 (not an official CPE)