Vulnerability Details CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.4%
CVSS Severity
CVSS v3 Score 7.2
References
- https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
- https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
- https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
- https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438
Products affected by CVE-2024-32480
-
cpe:2.3:a:librenms:librenms:-
-
cpe:2.3:a:librenms:librenms:0.1
-
cpe:2.3:a:librenms:librenms:1.19
-
cpe:2.3:a:librenms:librenms:1.20
-
cpe:2.3:a:librenms:librenms:1.20.1
-
cpe:2.3:a:librenms:librenms:1.21
-
cpe:2.3:a:librenms:librenms:1.22
-
cpe:2.3:a:librenms:librenms:1.22.01
-
cpe:2.3:a:librenms:librenms:1.23
-
cpe:2.3:a:librenms:librenms:1.24
-
cpe:2.3:a:librenms:librenms:1.25
-
cpe:2.3:a:librenms:librenms:1.26
-
cpe:2.3:a:librenms:librenms:1.27
-
cpe:2.3:a:librenms:librenms:1.28
-
cpe:2.3:a:librenms:librenms:1.29
-
cpe:2.3:a:librenms:librenms:1.30
-
cpe:2.3:a:librenms:librenms:1.30.01
-
cpe:2.3:a:librenms:librenms:1.31
-
cpe:2.3:a:librenms:librenms:1.31.01
-
cpe:2.3:a:librenms:librenms:1.31.02
-
cpe:2.3:a:librenms:librenms:1.31.03
-
cpe:2.3:a:librenms:librenms:1.32
-
cpe:2.3:a:librenms:librenms:1.32.01
-
cpe:2.3:a:librenms:librenms:1.33
-
cpe:2.3:a:librenms:librenms:1.33.01
-
cpe:2.3:a:librenms:librenms:1.34
-
cpe:2.3:a:librenms:librenms:1.35
-
cpe:2.3:a:librenms:librenms:1.36
-
cpe:2.3:a:librenms:librenms:1.36.01
-
cpe:2.3:a:librenms:librenms:1.37
-
cpe:2.3:a:librenms:librenms:1.38
-
cpe:2.3:a:librenms:librenms:1.39
-
cpe:2.3:a:librenms:librenms:1.40
-
cpe:2.3:a:librenms:librenms:1.41
-
cpe:2.3:a:librenms:librenms:1.42
-
cpe:2.3:a:librenms:librenms:1.42.01
-
cpe:2.3:a:librenms:librenms:1.43
-
cpe:2.3:a:librenms:librenms:1.44
-
cpe:2.3:a:librenms:librenms:1.45
-
cpe:2.3:a:librenms:librenms:1.46
-
cpe:2.3:a:librenms:librenms:1.47
-
cpe:2.3:a:librenms:librenms:1.48
-
cpe:2.3:a:librenms:librenms:1.48.1
-
cpe:2.3:a:librenms:librenms:1.49
-
cpe:2.3:a:librenms:librenms:1.50
-
cpe:2.3:a:librenms:librenms:1.50.1
-
cpe:2.3:a:librenms:librenms:1.51
-
cpe:2.3:a:librenms:librenms:1.52
-
cpe:2.3:a:librenms:librenms:1.53
-
cpe:2.3:a:librenms:librenms:1.53.1
-
cpe:2.3:a:librenms:librenms:1.54
-
cpe:2.3:a:librenms:librenms:1.55
-
cpe:2.3:a:librenms:librenms:1.56
-
cpe:2.3:a:librenms:librenms:1.57
-
cpe:2.3:a:librenms:librenms:1.58
-
cpe:2.3:a:librenms:librenms:1.58.1
-
cpe:2.3:a:librenms:librenms:1.59
-
cpe:2.3:a:librenms:librenms:1.60
-
cpe:2.3:a:librenms:librenms:1.61
-
cpe:2.3:a:librenms:librenms:1.62
-
cpe:2.3:a:librenms:librenms:1.62.1
-
cpe:2.3:a:librenms:librenms:1.62.2
-
cpe:2.3:a:librenms:librenms:1.63
-
cpe:2.3:a:librenms:librenms:1.64
-
cpe:2.3:a:librenms:librenms:1.64.1
-
cpe:2.3:a:librenms:librenms:1.65
-
cpe:2.3:a:librenms:librenms:1.65.1
-
cpe:2.3:a:librenms:librenms:1.66
-
cpe:2.3:a:librenms:librenms:1.67
-
cpe:2.3:a:librenms:librenms:1.68
-
cpe:2.3:a:librenms:librenms:1.69
-
cpe:2.3:a:librenms:librenms:1.70.0
-
cpe:2.3:a:librenms:librenms:1.70.1
-
cpe:2.3:a:librenms:librenms:21.1.0
-
cpe:2.3:a:librenms:librenms:21.10.0
-
cpe:2.3:a:librenms:librenms:21.10.1
-
cpe:2.3:a:librenms:librenms:21.10.2
-
cpe:2.3:a:librenms:librenms:21.11.0
-
cpe:2.3:a:librenms:librenms:21.12.0
-
cpe:2.3:a:librenms:librenms:21.12.1
-
cpe:2.3:a:librenms:librenms:21.2.0
-
cpe:2.3:a:librenms:librenms:21.3.0
-
cpe:2.3:a:librenms:librenms:21.4.0
-
cpe:2.3:a:librenms:librenms:21.5.0
-
cpe:2.3:a:librenms:librenms:21.5.1
-
cpe:2.3:a:librenms:librenms:21.6.0
-
cpe:2.3:a:librenms:librenms:21.7.0
-
cpe:2.3:a:librenms:librenms:21.8.0
-
cpe:2.3:a:librenms:librenms:21.9.0
-
cpe:2.3:a:librenms:librenms:21.9.1
-
cpe:2.3:a:librenms:librenms:22.1.0
-
cpe:2.3:a:librenms:librenms:22.10.0
-
cpe:2.3:a:librenms:librenms:22.11.0
-
cpe:2.3:a:librenms:librenms:22.2.0
-
cpe:2.3:a:librenms:librenms:22.2.1
-
cpe:2.3:a:librenms:librenms:22.2.2
-
cpe:2.3:a:librenms:librenms:22.3.0
-
cpe:2.3:a:librenms:librenms:22.4.0
-
cpe:2.3:a:librenms:librenms:22.4.1
-
cpe:2.3:a:librenms:librenms:22.5.0
-
cpe:2.3:a:librenms:librenms:22.6.0
-
cpe:2.3:a:librenms:librenms:22.7.0
-
cpe:2.3:a:librenms:librenms:22.8.0
-
cpe:2.3:a:librenms:librenms:22.9.0
-
cpe:2.3:a:librenms:librenms:23.1.0
-
cpe:2.3:a:librenms:librenms:23.1.1
-
cpe:2.3:a:librenms:librenms:23.10.0
-
cpe:2.3:a:librenms:librenms:23.11.0
-
cpe:2.3:a:librenms:librenms:23.2.0
-
cpe:2.3:a:librenms:librenms:23.4.0
-
cpe:2.3:a:librenms:librenms:23.4.1
-
cpe:2.3:a:librenms:librenms:23.5.0
-
cpe:2.3:a:librenms:librenms:23.6.0
-
cpe:2.3:a:librenms:librenms:23.7.0
-
cpe:2.3:a:librenms:librenms:23.8.0
-
cpe:2.3:a:librenms:librenms:23.8.1
-
cpe:2.3:a:librenms:librenms:23.8.2
-
cpe:2.3:a:librenms:librenms:23.9.0
-
cpe:2.3:a:librenms:librenms:23.9.1
-
cpe:2.3:a:librenms:librenms:24.1.0
-
cpe:2.3:a:librenms:librenms:24.2.0
-
cpe:2.3:a:librenms:librenms:24.3.0