Published: 21/07/2020 Updated: 23/07/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

In LibreNMS prior to 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
librenms librenms

Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms < v1.65.1

CVE-2020-15873 Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms < v1651 Pre-requisites Python27 with Pip and BeautifulSoup4 Docker with LibreNMS Container Login to the web application and create a device using the GUI, setting the host to 127001 Usage (ensure that LibreNMS is started) $ python pocpy <ip addr:8000> librenms libr

CWE-89 https://github.com/librenms/librenms/compare/1.65...1.65.1 https://community.librenms.org/c/announcements https://github.com/librenms/librenms/pull/11923 https://github.com/librenms/librenms/commit/8f3a29cde5bbd8608f9b42923a7d7e2598bcac4e https://research.loginsoft.com/bugs/blind-sql-injection-in-librenms/https://nvd.nist.gov https://github.com/limerencee/cs4239-cve-2020-15873

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15873

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect