CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10665

An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2019-10665

Librenms » Librenms » Version: N/A

cpe:2.3:a:librenms:librenms:-
Librenms » Librenms » Version: 0.1

cpe:2.3:a:librenms:librenms:0.1
Librenms » Librenms » Version: 1.19

cpe:2.3:a:librenms:librenms:1.19
Librenms » Librenms » Version: 1.20

cpe:2.3:a:librenms:librenms:1.20
Librenms » Librenms » Version: 1.20.1

cpe:2.3:a:librenms:librenms:1.20.1
Librenms » Librenms » Version: 1.21

cpe:2.3:a:librenms:librenms:1.21
Librenms » Librenms » Version: 1.22

cpe:2.3:a:librenms:librenms:1.22
Librenms » Librenms » Version: 1.22.01

cpe:2.3:a:librenms:librenms:1.22.01
Librenms » Librenms » Version: 1.23

cpe:2.3:a:librenms:librenms:1.23
Librenms » Librenms » Version: 1.24

cpe:2.3:a:librenms:librenms:1.24
Librenms » Librenms » Version: 1.25

cpe:2.3:a:librenms:librenms:1.25
Librenms » Librenms » Version: 1.26

cpe:2.3:a:librenms:librenms:1.26
Librenms » Librenms » Version: 1.27

cpe:2.3:a:librenms:librenms:1.27
Librenms » Librenms » Version: 1.28

cpe:2.3:a:librenms:librenms:1.28
Librenms » Librenms » Version: 1.29

cpe:2.3:a:librenms:librenms:1.29
Librenms » Librenms » Version: 1.30

cpe:2.3:a:librenms:librenms:1.30
Librenms » Librenms » Version: 1.30.01

cpe:2.3:a:librenms:librenms:1.30.01
Librenms » Librenms » Version: 1.31

cpe:2.3:a:librenms:librenms:1.31
Librenms » Librenms » Version: 1.31.01

cpe:2.3:a:librenms:librenms:1.31.01
Librenms » Librenms » Version: 1.31.02

cpe:2.3:a:librenms:librenms:1.31.02
Librenms » Librenms » Version: 1.31.03

cpe:2.3:a:librenms:librenms:1.31.03
Librenms » Librenms » Version: 1.32

cpe:2.3:a:librenms:librenms:1.32
Librenms » Librenms » Version: 1.32.01

cpe:2.3:a:librenms:librenms:1.32.01
Librenms » Librenms » Version: 1.33

cpe:2.3:a:librenms:librenms:1.33
Librenms » Librenms » Version: 1.33.01

cpe:2.3:a:librenms:librenms:1.33.01
Librenms » Librenms » Version: 1.34

cpe:2.3:a:librenms:librenms:1.34
Librenms » Librenms » Version: 1.35

cpe:2.3:a:librenms:librenms:1.35
Librenms » Librenms » Version: 1.36

cpe:2.3:a:librenms:librenms:1.36
Librenms » Librenms » Version: 1.36.01

cpe:2.3:a:librenms:librenms:1.36.01
Librenms » Librenms » Version: 1.37

cpe:2.3:a:librenms:librenms:1.37
Librenms » Librenms » Version: 1.38

cpe:2.3:a:librenms:librenms:1.38
Librenms » Librenms » Version: 1.39

cpe:2.3:a:librenms:librenms:1.39
Librenms » Librenms » Version: 1.40

cpe:2.3:a:librenms:librenms:1.40
Librenms » Librenms » Version: 1.41

cpe:2.3:a:librenms:librenms:1.41
Librenms » Librenms » Version: 1.42

cpe:2.3:a:librenms:librenms:1.42
Librenms » Librenms » Version: 1.42.01

cpe:2.3:a:librenms:librenms:1.42.01
Librenms » Librenms » Version: 1.43

cpe:2.3:a:librenms:librenms:1.43
Librenms » Librenms » Version: 1.44

cpe:2.3:a:librenms:librenms:1.44
Librenms » Librenms » Version: 1.45

cpe:2.3:a:librenms:librenms:1.45
Librenms » Librenms » Version: 1.46

cpe:2.3:a:librenms:librenms:1.46
Librenms » Librenms » Version: 1.47

cpe:2.3:a:librenms:librenms:1.47

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10665

Products

Pricing

Contact Us