A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
librenms librenms |